top of page
Search


The Ransomware Attack Ends in a Week. The Lawsuit Takes Two Years.
Marlboro-Chesterfield Pathology has just received preliminary court approval to settle a class action arising from a ransomware breach that hit the organization in January 2025. The attack is 18 months in the rearview mirror. The legal and financial consequences are only now being finalized. For every healthcare executive who still thinks of ransomware as an IT problem that ends when systems are restored, this case is the correction you need. What Actually Happened, and Why t

Rick Moore
4 days ago4 min read


When the Ransomware Writes Itself: What Autonomous AI Attacks Mean for Healthcare Governance
Researchers have now documented what many of us in healthcare security have been stress-testing as a near-term scenario: a fully autonomous, LLM-driven ransomware agent that conducted a complete attack campaign without a human operator directing a single step. This is not an academic thought experiment. It is an operational preview of the threat environment your security team will face, possibly before your organization's next board meeting. Healthcare executives need to hear

Rick Moore
Jul 65 min read


Remote Desktop Tools Are Healthcare's Front Door. Treat Them Like One.
The CISA Known Exploited Vulnerabilities catalog added SimpleHelp, a widely deployed remote support platform, this year after researchers confirmed an authentication bypass that allowed unauthenticated acceptance of OIDC tokens. That means an attacker can enter your vendor's remote support session without valid credentials. If you run remote support tools in your environment and you have not audited your vendor access pathways this week, that is where this post starts. Why Re

Rick Moore
Jun 305 min read


When Your AI Vendor Becomes Your Breach Vendor: The Xsolis Incident and What It Demands From Healthcare Leaders
The Xsolis breach is not another footnote in the HHS OCR breach portal. It is a signal that the threat model for healthcare organizations has fundamentally shifted, and most vendor risk programs have not kept up. When a single AI-powered business associate holds clinical and utilization data across multiple covered entities, a successful attack on that vendor is not a vendor problem. It is a system-wide PHI event affecting 1.4 million individuals across an unknown number of h

Rick Moore
Jun 295 min read


Amazon Bought Clinical Scale at One Medical. It Did Not Buy Clinical Security Maturity.
The ShinyHunters data extortion group has reportedly obtained 8.8 terabytes of data from One Medical, the Amazon-owned primary care provider, and is threatening to release it publicly. If even a fraction of that data contains protected health information, we are looking at one of the largest PHI exposure events in recent memory. Every health system executive, health plan board member, and digital health company leader should be paying attention, not because this is unpreceden

Rick Moore
Jun 235 min read


Business Associates Are Now the Weakest Link in Healthcare Security. Boards Need to Treat Them That Way.
The 2024 Verizon Data Breach Investigations Report put a number on something I have been telling healthcare executives for years: healthcare leads every major industry in third-party breach exposure. This is not a streak of bad luck. It is a structural failure in how covered entities manage their vendor ecosystems, and HHS OCR is running out of patience. The Vendor Layer Has Become Healthcare's Largest Attack Surface Healthcare's dependency on Business Associates is unlike an

Rick Moore
Jun 165 min read


MTC Group LLC is now a certified Service Disabled Veteran Owned Small Business (SDVOSB)
It took me several weeks of online information gathering/processing/submitting, but I'm now an officially recognized Veteran's...

Rick Moore
Dec 22, 20211 min read


Rick’s Read on Hiring & Leading Tech Talent
As an executive technology leader, I'm often asked how to build successful "tech teams." As I have moved into roles of greater...

Rick Moore
Sep 30, 20213 min read
bottom of page