Live
450,000+ new malware samples created dailyAV-TEST·Ransomware attack occurs every 11 secondsCybersecurity Ventures·43% of cyberattacks target small businessesVerizon DBIR·Average SMB breach costs $200,000IBM Cost of Data Breach Report·95% of breaches are caused by human errorIBM·Only 14% of SMBs are prepared to defend themselvesPonemon Institute·450,000+ new malware samples created dailyAV-TEST·Ransomware attack occurs every 11 secondsCybersecurity Ventures·43% of cyberattacks target small businessesVerizon DBIR·Average SMB breach costs $200,000IBM Cost of Data Breach Report·95% of breaches are caused by human errorIBM·Only 14% of SMBs are prepared to defend themselvesPonemon Institute·
KC
Kapacyber

Illustrative scenario. This is a composite example built from common engagement patterns we expect to encounter — not a real client. The business name, people, dollar amounts, percentages, and timelines are fictional and presented for educational purposes. Actual results vary based on environment, scope, and risk profile.

Case StudyHealthcare · Dental6 min read

How a Near-Miss Ransomware Attack Turned Into HIPAA-Aligned Defence in 90 Days

A 12-person, two-location dental practice came within minutes of losing every file on its front-desk PC. Eight months later, they have measurable protection, measurable savings, and one less thing to lie awake about.

Industry: Dental practice
Size: 12 staff · 2 locations
Plan: Business Protection Plus

Outcomes after 90 days

0

Successful ransomware attempts since onboarding

22%

Cyber insurance premium reduction at renewal

41% → 7%

Staff phishing simulation click rate

14 → 1

Open HIPAA high-risk register items

The Wake-up Call

"It was a Tuesday afternoon."

A hygienist clicked what looked like a routine insurance link — the kind that lands in their inbox a dozen times a week. Within minutes, file names on the front-desk PC began changing. The owner happened to be at the front desk, noticed something was wrong, and yanked the network cable.

The damage that afternoon was minimal. The damage the practice could have suffered — full EHR encryption, patient appointments cancelled for days, a HIPAA breach-notification obligation, potentially the end of the business — was catastrophic. The owner spent that night searching for someone who could help.

Before · What Our Initial Audit Found

A typical SMB security posture — which means significant exposure.

  • 3 Windows machines still running unsupported operating-system builds
  • No multi-factor authentication on email, EHR, or any admin account
  • Backups stored on the same office network as the EHR system
  • HIPAA risk assessment was more than four years out of date
  • Standard antivirus only — no endpoint detection & response (EDR)
  • No documented security awareness training programme
  • The practice owner was the de facto IT support

Bottom line: The owner wasn't negligent. They were running a busy practice with no time to learn cybersecurity — exactly the situation most SMBs are in.

The Engagement · 90-Day Plan

Stabilise first. Harden second. Then run quietly.

We don't try to fix everything in week one. We stop the bleeding, then build proper defences, then operate them around the clock.

1

Week 1

Emergency Stabilisation

  • Deployed enterprise EDR on every device across both locations
  • MFA enforced on email, EHR, and all admin accounts within 72 hours
  • Patched every device to the latest supported OS build
  • Disconnected legacy network shares housing backup files
2

Weeks 2–4

Build the Walls

  • Cloud-based, immutable backups deployed for EHR and M365 data
  • Conditional access policies applied to M365 (location + device trust)
  • Email security tuned for healthcare-specific phishing patterns
  • Security awareness training rolled out to all 12 staff
3

Month 2

Compliance & Hardening

  • Full HIPAA Security Rule risk assessment completed
  • Documented incident response playbook tailored to breach-notification timelines
  • First quarterly phishing simulation run as a baseline (41% click rate)
  • Shared-device policies and short auto-lock timers configured
4

Month 3+

Ongoing Operations

  • 24/7 monitoring with rapid containment of suspicious activity
  • Plain-English monthly security reports delivered to the partners
  • Quarterly partner review calls covering risks, incidents, and roadmap
  • Ongoing security awareness training plus monthly phishing simulations

After · 90 Days In

The numbers — and the things you can't put a number on.

  • 6 phishing attempts blocked at the email gateway within the first 90 days
  • EDR auto-contained 2 suspicious processes before they could reach any real damage
  • HIPAA risk register went from 14 high-risk items to 1 (a software vendor migration still in progress)
  • Cyber insurance underwriter moved them to a lower risk tier — 22% premium reduction at renewal
  • Staff phishing-simulation click rate dropped from 41% to 7% within two training cycles
  • Full onboarding completed in 18 days against a 21-day target

The intangible win: Front-of-house staff stopped seeing security as a burden and started treating it as part of the practice's standard of care.

"The peace of mind alone is worth what we pay. The monthly reports tell me what's been happening in a way I actually understand — not a wall of jargon. And when I'm with a patient, I'm not also worrying about whether our front desk just got phished."
DM

Dr. M.

Owner · Brightwell Family Dental (illustrative)

Illustrative scenario. Quote, names, and figures are fictional and presented to show the kind of engagement we're built for.

Related Reading

Compliance

Cyber insurance requirements in 2025 — what insurers now demand

Incident Response

What to do in the first 24 hours after a breach

Want a story like this for your business?

Most businesses come to us after a close call. You don't have to wait for yours. Book a free 30-minute assessment and we'll show you exactly where you stand — and what a 90-day path forward would look like.

Book Free AssessmentSee Healthcare Solutions