We don't run coastal mega-campuses out here. We run clinics, banks, stores, plants, and firms that keep families fed and paychecks on time. In the last year I've seen too many "we'll check it Monday" plans meet a Friday-night ransomware crew.
That's not fate. That's fixable.
This report is the map I wish every owner had: what's hitting Panhandle businesses, which controls actually move risk and insurance, and the 30-day stabilization plan we use in the field.
"Stewardship matters. If you carry responsibility for people, data, and payroll, you count the cost before the bill shows up."
— Josh Knighton
The Numbers Tell the Story
It's Happening Here
In late November 2023, BSA Health System (Ardent) in Amarillo diverted ER traffic during a ransomware outage. Operations resumed, but the diversion was real and on our doorstep.
In January 2024, rural water systems serving Muleshoe, Hale Center, and Lockney reported cyber incidents, including a tank overflow. State reporting tied activity to a Russia-aligned group. Rural isn't invisible.
⚠️ Healthcare Under Fire
Dental Group of Amarillo reported unauthorized access in October 2023 and recently agreed to a class-action settlement. The attacks are real, local, and expensive.
Timeline of Panhandle Cyber Events
- Dental Group Compromised: Unauthorized access discovered, patient data exposed, legal action follows.
- Hospital ER Diversion: BSA Health System diverts ambulances during ransomware response.
- Water Systems Attacked: Multiple rural systems report incidents, tank overflow confirmed.
- New Privacy Law: TDPSA takes effect, 30-day breach notification requirement begins.
The Five Controls That Matter
No scare tactics. Just gaps I keep finding on intake:
- Identity: MFA on email and admin accounts is still spotty under 100 seats, even though insurers treat it as table stakes.
- Endpoints: Legacy AV is common. True EDR with 24/7 humans is rarer. Carriers increasingly nudge MDR or SOC.
- Backups: Backups exist, but immutable or offline copies and tested restores lag.
- Email: Base filtering is on. Advanced filtering and regular awareness training are uneven; email-driven incidents dominate claims.
- Patching: Edge appliances and third-party apps are a soft belly; internet-facing vulns stay hot.
What Good Protection Looks Like
| Capability | EDR Only | MDR (24/7) | Managed SOC |
|---|---|---|---|
| Detect ransomware | ✓ | ✓ | ✓ |
| Quick containment | △ | ✓ | ✓ |
| After-hours coverage | ✗ | ✓ | ✓ |
| Insurance friendly | △ | ✓ | ✓ |
| Best fit | Small, low-risk | Most SMBs | Multi-site/Regulated |
Your 30-Day Stabilization Plan
✓ Day 1: Emergency Lockdown
Enforce MFA on email and all admin accounts. Kill exposed RDP. Push EDR to 100% of endpoints.
✓ Week 1: Critical Hardening
Harden email with sandboxing. Create immutable backups. Patch internet-facing systems.
✓ Week 2: Network Defense
Segment networks. Centralize logs. Draft incident communications.
✓ Day 30: Validation
Run ransomware tabletop. Complete insurance checklist. Deliver evidence pack.
The Cost of Being Down
Healthcare puts hard numbers to it. Industry studies estimate roughly $7.5k–$7.9k per minute of hospital downtime on average. For clinics, many solo dentists target roughly $3.7k–$6.9k/day in production.
A frozen day hurts fast.
Get Your Security Readiness Scan
Join Texas Panhandle businesses that trust TwoFish for pragmatic, defense-in-depth security.
Schedule Free 90-Minute Session
What We Stand Behind
We build pragmatic, defense-in-depth programs that meet Texas practicalities, insurance expectations, and CISA guidance. What matters is what you can audit: MFA enforced, EDR active, backups that actually restore, alerts watched, incidents contained in minutes.
"Be watchful. Count the cost. Do the boring basics relentlessly. Out here, quiet weekends keep the doors open on Monday."