Blog
← Back to Blog
April 05, 2020 general

Four Years of the Blog: Writing About Cybersecurity During a Pandemic

Working during pandemic

Four years ago, we started this blog because a hospital paid $17,000 in Bitcoin to ransomware attackers. Today, we're writing during a global pandemic that has sent every practice into crisis mode, forced overnight adoption of remote work and telehealth, and created a target-rich environment for cybercriminals.

We couldn't have predicted this. But the principles we've been writing about for four years, secure remote access, backup everything, verify before clicking, prepare for the unexpected, have never been more relevant.

What COVID-19 Changed Overnight

Remote Work Became Mandatory

Practices that had never considered remote work were forced into it in days. Staff accessed systems from home computers, over consumer internet connections, without VPNs or 2FA. The attack surface expanded dramatically overnight.

Telehealth Went from Optional to Essential

HHS relaxed HIPAA enforcement for telehealth. Practices scrambled to adopt Zoom, FaceTime, and purpose-built platforms. The speed of adoption far outpaced the security assessment process.

Attackers Exploited the Chaos

COVID-themed phishing campaigns exploded within days of the pandemic declaration. Fake CDC emails, malicious tracking maps, fraudulent PPP loan applications. Attackers thrive on urgency and fear, and the pandemic provided both in abundance.

Four Years of Lessons, Applied to a Crisis

Every principle we've written about was tested by COVID-19:

  • Backups: Practices that maintained cloud backups could access data remotely. Those dependent on local server access couldn't.
  • 2FA: Remote access without 2FA was immediately exploited by attackers scanning for exposed RDP.
  • Incident response plans: Practices with plans adapted faster. Those without improvised and suffered.
  • Cloud adoption: Practices already on cloud PMS transitioned smoothly. Server-dependent practices struggled.
  • Phishing awareness: Staff trained to recognize phishing were better equipped to spot COVID-themed scams.

What We've Learned

Resilience matters more than prevention. You can't prevent a pandemic any more than you can prevent every cyberattack. What matters is how quickly you can adapt, recover, and continue operating. That's resilience, and it's built through preparation.

The basics are the basics for a reason. Every crisis reinforces the same fundamentals: backups, access control, encryption, patching, training. They're not glamorous. They work.

Flexibility is a security feature. Practices with flexible infrastructure (cloud services, remote access capability, portable workflows) adapted to the pandemic faster than those locked into rigid, on-premise-only architectures.

Year Five

We'll keep writing. The threats evolving. The landscape shifting. The fundamentals enduring. Thank you for four years of reading. Stay safe, stay healthy, and stay secure.