Red Hot Cyber


Businesses are going bankrupt due to ransomware. Small and medium-sized businesses, beware!

Redazione RHC : 9 July 2025 11:16

Very often on RHC, we talk about cyber attacks and ransomware.

But this time, we want to go further. We want to talk about the companies that didn’t make it, those companies that after a cyber attack were unable to restart and were forced to close their businesses. Large and medium-sized companies that didn’t understand how cyber security, in such a globalized world, had to be a priority, on par with the business itself.

We want to tell the stories of those companies that, after suffering a cyber attack, had to close their doors, attracting media attention. However, the reality is that most of the affected businesses – often small and unknown – go bankrupt quietly, without even a mention in the newspapers. It is precisely these companies, lacking the resources to recover, that represent the most dramatic and invisible part of this crisis.

In fact, according to the National Cyber Security Alliance, 60 percent of small businesses fail six months after a cyber attack. This was stated by Lamar Smith, chairman of the House Science, Space, and Technology Committee, in a 2011 conference when the NIST Small Business Cybersecurity Act was passed.

Even if this message hasn’t been widely accepted (especially given its dramatic nature), it’s important to say that a cyber attack is something that divides a company’s time between the “before” and the “after.” And now we’ll see why.

Companies that have failed after a cyber attack

Many companies have failed because of a cyber attack, whether through the theft of intellectual property or the blocking of their infrastructure. Countless small businesses go bankrupt today due to ransomware without making the news, even though they generate unemployment and regret for not having done what needed to be done sooner.

Now we’ll present some case studies that have taught us that cybersecurity is essential today: it must be considered within strategic plans, organizational charts, and human resources, as one of the most important activities to implement to protect the business.

2023 – St. Margaret’s Health (SMH)

The American healthcare organization St. Margaret’s Health (SMH) permanently closed its facilities in Peru and Spring Valley, Illinois, on June 13, 2023. The closure affects hospitals. SMH said a 2021 ransomware attack was partly responsible for the closure. The ransomware attack occurred in late February 2021 and caused a computer network outage at a hospital in Spring Valley, impacting all web operations, including the patient portal. The Peru branch was unaffected at the time, as it operated on a separate system. The incident, according to organization representatives on social media at the time, impacted the hospital’s ability to bill patients and receive timely payments for services rendered. And these systems were shut down for three whole months.

2020 – Vastaamo

Vastaamo was a private Finnish psychotherapy clinic founded in 2008. On October 21, 2020, Vastaamo announced that its patient database had been stolen. The attackers demanded 40 bitcoins, approximately €450,000 at the time, threatening to publish the stolen data. The extortionists began publishing hundreds of medical records a day on an onion network site to increase pressure for their demands. The leaked patient data contained patients’ full names, home addresses, Social Security numbers, and therapists’ and doctors’ notes for each session. After their extortion attempt on the company failed, the attackers sent the victims an email demanding they pay €200 within 24 hours to prevent their data from being published online. The company eventually filed for bankruptcy.

2019 – The Heritage Company

It was a 61-year-old telemarketing company in the UK that failed to recover after a ransomware attack, shaking the entire world with its bankruptcy announcement just days before Christmas 2019 and leaving around 300 employees unemployed. Announcing the decision in a Facebook post, CEO Sandra Franecke admitted that the ransomware attack that had hit the company two months earlier had caused enormous losses.

2019 – Wood Ranch Medical

This was an American healthcare provider, which had to shut down its services due to a cyberattack in 2019. The facility suffered a ransomware attack in August 2019, locking out patient data. According to reports, the attack caused irreparable damage to the systems, making file recovery virtually impossible. Wood Ranch Medical ultimately announced the permanent closure of its services until December 17, 2019.

2017 – FlexiSpy

Even security experts can run into problems with hackers. This happened to FlexiSpy, which had to shut down after hackers provided Motherboard reporters with 13,000 account details of the company’s hacked users, as well as all the data deleted from the company’s servers. Another similar company called Retina-X was also shut down by the same hacker group, reminding Italians of Hacking-Team.

2014 – Code Spaces

Code Spaces, a source code hosting service that offered a suite of project management tools to its users, was forced to shut down following a devastating hack that wiped out a large amount of data, backups, and server configurations. This all happened after attackers launched a DDoS attack accompanied by an intrusion into Code Spaces’ Amazon EC2 control panel. Even after the attack, the company was unable to resolve the issue and refund customers who were left without the service they had paid for. This led to a massive loss of credibility and financial problems for the company on the market, and ultimately to the complete closure of its services.

2011 – DigiNotar

DigiNotar was a Dutch certification authority owned by VASCO Data Security International, Inc. On September 3, 2011, cybercriminals penetrated DigiNotar’s internal systems and issued fake security certificates so they could impersonate web companies. The certificates are believed to have been used to intercept the Google email accounts of approximately 300,000 people. After it became clear that a security breach had led to the fraudulent issuance of certificates, the Dutch government took over operational management of DigiNotar’s systems. That same month, the company was declared bankrupt.

But what are the first things to do?

Cybersecurity is a complex subject, divided into numerous “subspecialties”, and as with all complex things, it can be difficult to identify a simple approach when you want to get started.

Indeed, many might feel confused about what first steps to take to protect or improve their cyberspace. In this chapter, we want to provide you with a guideline, which may not be definitive but is certainly the beginning of a journey. So, what do you need to do to start a cyber program?

To simplify as much as possible, we can divide this chapter into two subchapters:

  • Short-term program
  • Long-term program

We won’t dwell on the long-term program, as it involves starting a full cyber program in every respect. Instead, we want to provide a key to understanding the first program: the fastest one, and the most urgent.

The Short-Term Program

The short-term program is equivalent to performing a reconnaissance of vulnerabilities on the external layer, to mitigate the threat of a potential hacker who wants to abuse our systems to acquire intellectual property, launch ransomware, or exploit our infrastructure for other purposes.

So, for now, let’s forget about GDPR, security by design, security requirements, threat intelligence, the SOC, and all the well-written cybersecurity literature.

We’ll leave that for the long term. Now we just want to significantly reduce the threats looming over our infrastructure.

Let’s see what we need to do:

  1. Perform scans (infrastructure vulnerability assessments) on all IPs exposed to the internet with a best-in-class tool. Once done, implement all critical remediation measures.
  2. Remove all administration services from the internet (RDP, SSH, SFTP, etc.). You have no excuses. Do it.
  3. Set strong passwords for administration accounts.
  4. Perform scans (web vulnerability assessments) on all web entry points with a best-in-class tool. Pre-auth is fine for now. Once completed, implement all critical remediation measures.
  5. Make sure all software running on the company network (especially on services exposed to the internet) is up to date.
  6. Perform daily backups (or as needed) on the most important servers and physically disconnect the backups from the network.
  7. Implement IPS (Intrusion Prevention System) systems to cover all IP addresses exposed to the internet, applying default policies.
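
As a check for step 2, the following added example (not part of the original article) reads the results of a perimeter scan of your own addresses and lists every administration service that is still reachable. It assumes the scan was saved in nmap's grepable (`-oG`) format; the sample scan is constructed, and Telnet, VNC and WinRM are assumptions filling in the article's "etc.".

```python
import re

# Administration services the article says to remove from the internet
# (RDP, SSH, SFTP). Telnet, VNC and WinRM are assumptions added for its "etc.".
ADMIN_PORTS = {22: "SSH/SFTP", 23: "Telnet", 3389: "RDP",
               5900: "VNC", 5985: "WinRM", 5986: "WinRM"}
# nmap service names, used to catch admin services on non-standard ports.
ADMIN_SERVICE_NAMES = {"ssh", "telnet", "ms-wbt-server", "vnc"}

# Constructed sample in nmap grepable (-oG) format; the addresses come from
# the RFC 5737 documentation ranges and are not real hosts.
SAMPLE_SCAN = """\
# Nmap scan (constructed sample)
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///
Host: 203.0.113.20 ()\tPorts: 80/open/tcp//http///, 2222/open/tcp//ssh///
Host: 198.51.100.7 ()\tPorts: 443/open/tcp//https///
"""

# One port entry: port/state/protocol/owner/service/...
PORT_ENTRY = re.compile(r"(\d+)/([^/]*)/([^/]*)/[^/]*/([^/]*)/")


def exposed_admin_services(grepable_text):
    """Return sorted (host, port, label) tuples for open administration services."""
    findings = []
    for line in grepable_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments and "Status:" lines carry no port data
        host = line.split()[1]
        # The Ports field ends at the next tab (e.g. before "Ignored State:").
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        for entry in ports_field.split(","):
            m = PORT_ENTRY.match(entry.strip())
            if not m or m[2] != "open":
                continue  # filtered or closed ports are not reachable
            port, service = int(m[1]), m[4]
            if port in ADMIN_PORTS:
                findings.append((host, port, ADMIN_PORTS[port]))
            elif service in ADMIN_SERVICE_NAMES:
                # An admin service moved to another port is still exposed.
                findings.append((host, port, service))
    return sorted(findings)


if __name__ == "__main__":
    for host, port, label in exposed_admin_services(SAMPLE_SCAN):
        print(f"{host}:{port} exposes {label}: restrict it to a VPN or internal network")
```

An empty result after remediation is the goal; rerun the scan and the check whenever a new internet-facing address is added.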

If you’ve never done this, it’s time to think seriously about it.

This is by no means the end point; it is only the initial assessment. Start doing it seriously, because companies fail. And the next one could be yours.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
