Blog
← Back to Blog
April 05, 2023 general

Seven Years: From Ransomware to AI, Serving Every Regulated Profession

Seven year anniversary milestone from ransomware to AI

Seven years ago today, we wrote about a hospital paying $17,000 in Bitcoin to ransomware attackers. It was our first blog post and, at the time, one of the most alarming cybersecurity stories in healthcare.

Today, $17,000 is a rounding error. Colonial Pipeline paid $4.4 million. JBS paid $11 million. The average ransomware payment exceeds $800,000. And the newest threat vector isn't a virus. It's artificial intelligence.

Seven Years of Evolution

2016: Ransomware arrives. We learn to back up everything.

2017: WannaCry and NotPetya. We learn that patching is survival.

2018: Cambridge Analytica and GDPR. We learn that privacy matters.

2019: Cities fall to ransomware. We learn that nobody is too big or too small.

2020: COVID forces remote work. We learn that flexibility requires security.

2021: Colonial Pipeline and SolarWinds. We learn that supply chains are attack chains.

2022: Russia-Ukraine and LastPass. We learn that geopolitics is cybersecurity.

2023: AI arrives. We're learning that the rules are changing again.

What Hasn't Changed

Through seven years of revolution, the fundamentals are granite:

  1. MFA stops the majority of attacks
  2. Tested backups save businesses
  3. Patching prevents the most common exploits
  4. Training reduces human error
  5. Incident response plans turn panic into procedure

These five things were true in 2016 and they're true in 2023. They'll be true in 2030.

Serving All Regulated Professions

Seven years ago, we wrote primarily for dental practices. Today, we serve dental, medical, legal, and financial practices equally. The lesson of those seven years: the threats don't discriminate by industry. Ransomware hits law firms as hard as dental offices. Phishing targets CPAs as effectively as medical practices. AI-generated attacks don't care what profession you're in.

What differs is the regulatory landscape: HIPAA, ABA ethics, SEC rules, IRS requirements. What's constant is the security fundamentals that protect everyone.

Here's to year eight.