
Nine Years: 140+ Posts, Same Five Recommendations

Nine year milestone

Nine years ago today, we wrote about a $17,000 ransomware attack on a hospital. Today, ransomware payments average over $1 million. AI can clone voices and generate perfect phishing. Deepfakes are standard attack tools. And the largest healthcare breach in history (Change Healthcare) affected over 100 million patients.

Through all of that evolution, the defense remains the same five things we recommended in 2016.

The Five That Matter

  1. Enable MFA on everything - Change Healthcare had no MFA. The result: the biggest breach ever.
  2. Maintain tested, offline backups - Every practice that survives ransomware has them. Every practice that pays doesn't.
  3. Patch within 48 hours - WannaCry, NotPetya, Equifax, Exchange. All exploited vulnerabilities for which patches were already available.
  4. Train your team quarterly - MGM lost $100M to a single phone call. Social engineering remains the #1 attack vector.
  5. Have a written incident response plan - CrowdStrike proved that perfect security is impossible. Recovery speed is what matters.

These five things haven't changed since 2016. They won't change by 2030.

What Has Changed

The sophistication, scale, and consequences have all escalated:

  • Ransom demands went from thousands to millions
  • Supply chain attacks can compromise thousands of organizations through one vendor
  • AI eliminates traditional phishing indicators
  • Nation-states use cyber weapons as standard warfare tools
  • Single infrastructure failures can paralyze entire industries
  • Every regulated industry now has prescriptive cybersecurity requirements

Serving All Regulated Professions

In nine years, we've evolved from a dental IT blog to serving dental, medical, legal, and financial practices equally. The lesson: the fundamentals apply universally. A dental practice, a law firm, an accounting office, and a medical clinic all need the same core security controls.

What differs is the regulatory framework: HIPAA for healthcare, the ABA Model Rules for legal, and SEC and IRS requirements for financial. But MFA, backups, patching, training, and incident response protect everyone.

Nine years. Over 140 posts. Same five recommendations. Because they work.