It didn’t take a sophisticated attack or a complex system failure to cause widespread disruption; just one missing control was enough to change everything.
Sometimes resilience fails in the smallest, most preventable ways.
Last year, attackers exploited the absence of multi-factor authentication on a critical access point, triggering a chain reaction no organization wants to experience. This was not a sophisticated zero-day or nation-state attack, but a straightforward intrusion that enabled ransomware and disrupted healthcare operations across the United States.
The consequences were immediate, measurable, and deeply human.
Two-factor authentication (2FA) is widely recognized as a foundational security measure. Its absence enabled:
This is not about advanced tooling. It’s about baseline discipline.
| Area Affected | Outcome |
|---|---|
| Healthcare operations | Disruptions across multiple facilities |
| Patient data | ~33% of patient records exposed or at risk |
| Financial cost | Over $3 billion in total impact |
| Operational continuity | Delayed care, system outages, emergency procedures |
| Human impact | Patients, clinicians, and staff affected immediately |
This incident underscores a critical reality:
One missing control did not just compromise systems—it disrupted care delivery and placed real people at risk.
Missing controls are symptoms of weak standards, ownership, and oversight. Critical controls must be consistently applied and verified across essential services. In regulated, mission-critical sectors, basic control failures can scale into multi-billion-dollar losses and repetitional harm.
This is one example among many. The lesson is clear:
Small gaps create massive failures.
The full breakdown and context are available in the original video linked above.