Breach Report · Healthcare

Ascension Health Ransomware Attack Disrupts Care Across Multiple States

In May 2024, Ascension — one of the largest U.S. healthcare systems — suffered a crippling ransomware attack that made electronic health records inaccessible across multiple states. Healthcare workers reverted to manual documentation. Emergency services were diverted. The MyChart system went dark. The incident exposed a fundamental gap: even the largest healthcare operators can be brought down when a single system fails under attack. For the thousands of mid-market regional hospitals with a fraction of Ascension's resources, the vulnerability is not smaller. It is greater.


Breach Report · Healthcare

McLaren Health Care: 743,000 Patients Notified After Cyberattack

McLaren Health Care notified over 743,000 individuals that their personal information was seized in a cyberattack between July and August 2024. McLaren is a regional network — not a national enterprise. It is precisely the kind of organization that the current security market was not designed to protect at the level the threat demands. The breach demonstrates that mid-market health systems face the same adversarial sophistication as the largest providers, without the same resources to detect, contain, or recover.


Breach Report · Healthcare

Frederick Health Medical Group: 934,326 Patients Affected

Frederick Health Medical Group, a regional provider in Maryland, disclosed a cybersecurity breach affecting 934,326 patients. The organization serves a community of hundreds of thousands and operates without the enterprise security infrastructure that would allow it to detect, contain, or recover from an attack of this scale independently. The regulatory exposure alone — HIPAA notification requirements, potential fines, mandatory audits — exceeds what many regional providers can absorb. It is not a matter of negligence. It is a structural gap in the security market.


Breach Report · Education

PowerSchool: 62 Million Students and 10 Million Teachers Exposed

A December 2024 breach at PowerSchool — a cloud software provider serving over 6,000 K-12 schools across the U.S. and Canada — exposed sensitive records belonging to 62 million students and 10 million teachers. The breach targeted a single third-party vendor that thousands of under-resourced school districts depended on without dedicated security oversight. One unprotected entry point. Millions of families affected. The incident is a direct illustration of the supply chain vulnerability that defines the mid-market: when a single shared dependency fails, the damage does not stay contained to one organization.


Breach Report · Energy

Helix Energy Solutions Data Breach Exposes PII of Thousands

Helix Energy Solutions Group, an international offshore energy services company headquartered in Houston, Texas, disclosed a data breach in 2026 that exposed personally identifiable information — including Social Security numbers and government-issued IDs — of thousands of affected individuals. Energy sector organizations sit squarely within CISA-designated critical infrastructure and are prime targets precisely because operational continuity is non-negotiable. A breach that forces even brief operational disruption at an offshore energy company carries consequences far beyond the organization itself.


Breach Report · Financial

Ameriprise Financial Data Breach Hits 48,000 Customers

Ameriprise Financial disclosed a data breach in April 2026 affecting nearly 48,000 customers across the United States. Personal data was exposed, with the company confirming long-term risk to affected individuals. Financial institutions of this size sit in the middle of the market — large enough to hold significant customer data, not large enough to have the same security posture as the major banks. The breach is a direct illustration of why mid-market financial organizations are among the most attractive targets: the data is valuable, the defenses are not enterprise-grade, and the regulatory consequences are severe.


Breach Report · Commerce

Under Armour Investigates Data Breach Stealing Customers' Personal Information

Under Armour disclosed a data breach affecting customer email addresses and personal information. The investigation confirmed that hackers accessed customer data, though the company reported no evidence of password or financial data theft at the time of disclosure. Commerce and retail organizations hold a particular exposure: their customer data is broadly distributed, their security investment is often scaled to margin rather than risk, and a breach that reaches millions of customers creates regulatory and reputational damage that no marketing budget can easily repair.


Commentary · Pending Publication

The Unprotected Middle: The Case for Building Cyber Defense From the Ground Up

The breaches above are not random. They follow a pattern: organizations that are targeted like enterprises, without the resources to defend like one. This commentary — submitted to Dark Reading — makes the case for a different model: lower the minimum threshold for protection, accept deliberate trade-offs at the entry level, and build a collective intelligence network that makes every organization in it smarter over time. The smallest organizations are not the weakest link. Under the right architecture, they are the most valuable contributors.


Research

Why the Smallest Organizations Are the Most Valuable Contributors to Collective Defense

The counterintuitive finding at the heart of federated AI-SOC architecture: the organizations with the least tuning and the lowest security budgets generate the richest learning signal for everyone in the network. Their confirmed incidents are harder-won, their environments less filtered, and their feedback loop more continuous. The math formalizes this: collective model quality scales as Q(N,t) = N × L × (1+r)^t, where every new node accelerates improvement for all others. Organizations that join because they have no better option end up being the most valuable contributors to the network that protects them.