Author Archives: Megan Carnes

In February, hackers took Change Healthcare offline in one of the most high-profile and wide-reaching cyberattacks to date. Change Healthcare serves hundreds of thousands of providers in the U.S. and processes billions of transactions every year. With Change Healthcare’s systems compromised, cash stopped flowing for hospitals and physician offices everywhere. Providers couldn’t submit new claims, pharmacies couldn’t charge appropriately for prescriptions, and prior authorizations couldn’t go through for critical procedures.

The healthcare industry poses a unique set of challenges when it comes to its cybersecurity framework. Hospitals, doctors’ offices, and local clinics are all home to vast amounts of sensitive patient and employee data. Hospitals alone store about 50 petabytes of sensitive data every year. In order to operate seamlessly and provide the best care possible, these healthcare havens need to ensure that their IT stack is robust. Cyber threats are rampant and have the potential to jeopardize patient privacy and safety, while also disrupting healthcare services to those in need and compromising the organizational integrity of the healthcare facility.

It has been about a year since the SEC enacted its cybersecurity disclosure mandate, which requires the disclosure of any material cybersecurity breach on form 8-K, item 1.05, as well as cybersecurity-specific additions to companies’ annual 10-K filing.

Companies may still be grappling with questions surrounding the new rules and processes needed to meet the SEC’s requirements.

Kevin Landt, the VP of Product for Cybersecurity at Thrive, explains how understanding third-party vendor risk can help companies fortify their cybersecurity chain from potential issues. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

In the event of a cyberattack, companies – especially small to mid-sized businesses – often face losses so great they risk pulling their business under. With the number of ransomware attacks, phishing schemes, and data breaches on the rise, it only makes sense that business leaders and owners take steps to protect their businesses by investing in insurance – the same way they would protect company property and assets.

What’s the difference between a managed service provider (MSP) and a managed security service provider (MSSP)? About 20% of EBITDA margin-according to Rob Stephenson, CEO of Thrive, a global MSP/MSSP with headquarters in Boston, who noted this during a panel discussion at a TMT event earlier in the year, moderated by MSP Success and TMT CEO Robin Robins.

In October 2023, the St. Lucie County Tax Collector’s Office (TCSLC), an essential government entity in Florida serving more than 470,000 customers and processing 670,000+ transactions annually, experienced a significant cyber-attack that disrupted services and exposed vulnerabilities in its IT infrastructure. This case study details how Thrive, a leading Managed Security Services Provider (MSSP), assisted TCSLC in recovering from the attack, enhancing cybersecurity measures, optimizing IT systems for better protection/resilience and strengthening the office’s defense against future threats.

Why Thrive Was Chosen

TCSLC operates as an independent constitutional officer with a budget that is approved by the Department of Revenue, rather than the Board of County Commissioners. Initially, TCSLC managed its servers locally, but migrated to the county’s virtual network with a goal of improving management and security. This decision ultimately caused many challenges for TCSLC as leaders attempted to maintain a continuity of service following the cyber-attack.

TCSLC got creative in the months that followed, utilizing all available resources including the state of Florida’s FlowMobile buses to complete DMV-related transactions and hotspots with laptops to handle tax payments. Those months proved more challenging for the office than operating during COVID-19.

During this time, TCSLC also prioritized deploying advanced security measures to protect its operations at its three locations. When it came time to seek assistance from an IT security expert, partnering with Thrive was a clear choice because of the company’s strong reputation, explains St. Lucie County Tax Collector, Chris Craft. “I first became aware of Thrive through the company’s involvement with Florida’s Orion state network. I also received a recommendation from a Polk County, Florida official who had first-hand experience with Thrive, which was incredibly valuable. Thrive’s proven track record in dealing with complex security issues made them the obvious choice for us.”

Strategic Deployment of Advanced Security Measures

Thrive was crucial in redesigning the office’s IT domain to bolster security. This involved implementing next generation firewalls and managed detection and response (MDR) solutions for end users, Office 365, network devices and patching services. Additionally, Thrive provided vulnerability scanning services, set up private Cloud infrastructure with secure servers and storage and enhanced data protection measures.

The restoration process involved managing three office locations. The Tradition branch was used as a temporary lifeboat while forensics were completed on the leading network at the main office in Fort Pierce. “The new firewall at our Tradition branch in Port St. Lucie was crucial. It allowed us to isolate the network and gradually restore services while protecting the rest of our operations,” Craft explained. It took about two and a half weeks to reopen the Tradition office, another week to get the Fort Pierce office operational, and another week for TCSLC’s third location, the Walton Road branch, to be back in operation. The phased approach ensured all locations were carefully restored according to the necessary processes and procedures.

“Had we implemented these processes earlier, we might have been able to prevent the entire scenario we just went through. We’re actively spreading this message across Florida, encouraging other tax collectors to examine our new domain and consider partnering with Thrive,” stated Craft.

Thrive’s Impact

The partnership with Thrive significantly enhanced TCLSC’s cybersecurity posture. Thrive’s 24/7 network monitoring added a crucial layer of protection, providing peace of mind by ensuring that any potential threats were promptly detected and addressed. “Since partnering with Thrive, I sleep better at night knowing that their 24/7 monitoring and advanced security measures protect our systems around the clock. Their expertise provides the reassurance we need to manage our operations confidently,” said Craft.

Thrive’s professional guidance and real-life case studies also played a vital role in educating the office about best practices for cybersecurity. Craft noted, “Thrive’s professional guidance and real-life examples have been critical in helping us make informed decisions about our cybersecurity.”

Additionally, the new security measures and redesigned domain improved the office’s ability to withstand and respond to cyber threats, enabling it to navigate future challenges with greater confidence and stability.

“What sets Thrive apart is their expertise — their cybersecurity professionals truly make a difference in protecting our operations.” ~ Chris Craft, St. Lucie County, Florida Tax Collector

About Thrive

Thrive delivers global technology outsourcing for cybersecurity, Cloud, networking, and other complex IT requirements. Thrive’s NextGen platform enables customers to increase business efficiencies through standardization, scalability, and automation, delivering oversized technology returns on investment (ROI). They accomplish this with advisory services, vCISO, vCIO, consulting, project implementation, solution architects, and a best-in-class subscription-based technology platform. Thrive delivers exceptional high-touch service through its POD approach of subject matter experts and global 24x7x365 SOC, NOC, and centralized services teams. Learn more at www.thrivenextgen.com or follow us on LinkedIn.

With all the recent hype, many may not realize artificial intelligence is nothing new. The idea of thinking machines was first introduced by Alan Turing in the 1950s, and the term “artificial intelligence” was coined nearly 80 years ago. However, the technology has gained new notoriety thanks to the introduction of generative AI. Yet, the buzz has come with hesitations around things like implementation, training, and ultimately, security.

Thrive, backed by private equity firm Court Square Capital Partners and founded in 2000, sets itself apart from the pack with a security-first mindset.

“There is nobody who does what we do today, end to end,” Bill McLaughlin, president, Thrive, explained to ChannelE2E.

Concord, Massachusetts-based Thrive’s comprehensive approach includes a robust MSSP practice, advisory services with virtual CIOs, and a sizable cloud practice, McLaughlin said. He added that Thrive’s integrated platform, powered by ServiceNow, allows them to offer a unique value proposition, combining traditional help desk services with advanced cybersecurity, cloud solutions, and infrastructure assessments.

It’s been a year since the Securities and Exchange Commission (SEC) adopted its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules, and about six months since they have been in effect. These mandates require organizations to disclose any material cybersecurity incidents they’ve experienced as well as report material information regarding their cybersecurity risk management, strategy, and governance annually.