
Palomar Health Ransomware Attack Incident Review
The recent ransomware attack on Palomar Health serves as a sobering reminder of the devastating impact cyberattacks can have on healthcare institutions and other businesses. On May 5, 2024, this cyberattack led to severe operational disruptions, compromising sensitive patient data and rendering critical systems offline for nearly two months. In this blog, we’ll explore the lessons learned from the Palomar Health breach and outline essential cybersecurity measures for small and medium-sized businesses (SMBs) to implement.
Incident Overview
Palomar Health, a prominent healthcare provider, was hit by a ransomware attack that caused widespread operational chaos. The attack disrupted communication channels, including phones, faxes, and patient portals, and compromised sensitive data, including patients’ personal, medical, and financial information. The systems have remained offline for nearly two months, severely impacting patient care and communications. The breach has already resulted in at least one class action lawsuit and ongoing investigations into potential violations of patient privacy laws.
Why This Matters to SMBs
Ransomware is a persistent threat affecting businesses of all sizes, not just large enterprises. SMBs are particularly vulnerable due to limited resources and often inadequate cybersecurity measures. The Palomar Health incident highlights the importance of proactive cybersecurity strategies to prevent similar incidents and avoid downtime during incidents.
1. Multi-Factor Authentication (MFA)
MFA is a vital security measure that adds an additional layer of protection. Even if an attacker gains access to a password, MFA can prevent them from accessing the account without the secondary authentication factor during a Business Email Compromise (BEC) Attack.
- Deploy 2-step verification (Google Workspace Admin Help)
- Set up multifactor authentication for Microsoft 365 (Microsoft Learn)
Deploy 2-step verification (Google Workspace Admin Help) Set up multifactor authentication for Microsoft 365 (Microsoft Learn)
2. MDR Everywhere
Continuous threat monitoring is essential in today’s cybersecurity landscape. Managed Detection and Response (MDR) services provide round-the-clock protection by detecting, analyzing, and responding to threats in real time. Palomar Health’s extended downtime highlights the importance of having MDR detect and neutralize threats before they escalate.
3. Password Management
Passwords are the foundation of security, and we take their creation, management, and monitoring seriously. Our industry-leading zero-trust password manager is given to all of your employees/contractors and ensures organizational password policies are met while allowing you to audit your organization-wide and employee-specific password habits quickly. Furthermore, users benefit from automatic notifications when their passwords are found in a data breach or do not follow organization standards.
4. Business Continuity and Disaster Recovery (BCDR) Planning
SMBs should develop and regularly test BCDR plans to ensure that in the event of a ransomware attack or other disaster, they can minimize downtime and continue operations. This includes having secure backups, clear communication protocols, and predefined recovery steps to restore systems and data swiftly. Test BCDR plans with a table top exercise and make continuous updates.
Performing a table top exercise (WatchDog Security) Creating a BCDR Plan (WatchDog Security)
Total visibility. Zero blind spots. WatchDog helps you monitor every user, service account, and system across Cloud, SaaS, and devices -flagging misconfigurations and risks the moment they arise.
- ➕ Asset management – Add and track your own assets easily across Cloud, SaaS + On-Prem
- Identity monitoring – Limited to Google Workspace & M365 Non-Human Identities on free plan
- 🔧 SaaS + Cloud hardening checks – Spot misconfigurations before they become risks
Get started free today – no credit card required.

