A prominent healthcare provider with multiple offices had a history of managing their IT with a mix of internal resources and a residential computer repair specialist. Their approach to IT was primarily driven by cost concerns, often choosing the most inexpensive solutions over those that offered comprehensive security and efficiency. This cost-saving mentality extended to their equipment purchasing decisions, and the provider hesitated to invest in quality hardware. This approach not only resulted in a break-fix IT mentality but also contributed significantly to the vulnerability that eventually led to a ransomware attack. After the breach, it was discovered that their network had alarming vulnerabilities, such as open RDP ports, and their backup system lacked the sophistication required for modern business, leading to significant data losses.
With no formal business continuity or disaster recovery (BCDR) plan in place, and a mindset that undervalued the importance of robust IT infrastructure, the provider needed both immediate recovery solutions and a transformative approach to their IT strategy.
Riddle was engaged to address the immediate aftermath of the ransomware attack and to overhaul the healthcare provider's IT infrastructure. Beyond the technical solutions, Riddle recognized the need to address and correct the client's reluctance to invest in quality IT equipment and services, which had contributed to their vulnerability. Riddle began by securing the network and restoring data using the existing backup system. The network equipment was then updated to meet the security demands of a healthcare environment. Adopting modern security practices, Riddle introduced routine patching schedules and enforced multi-factor authentication (MFA). A comprehensive evaluation ensured that the healthcare provider was compliant with HIPAA regulations. To solidify the provider's future resilience, Riddle replaced the inadequate backup system with an advanced BCDR solution.
Thanks to Riddle’s intervention, the healthcare provider transitioned from a reactive, cost-driven IT approach to a proactive, security-focused one. By aligning IT strategy with industry best practices, the provider now ensures patient data safety and meets the rigorous demands of modern healthcare.
