By Troy Cruzen, vCISO, Fortified Health Security
LinkedIn: Troy Cruzen, MSCS, MBA
LinkedIn:Fortified Health Security
Now that Thanksgiving is behind us and the holiday season is in full swing, this is the time of year when security teams start to worry, and for good reason. Attackers know people are distracted, short-staffed, and ready for some time off. They plan around that.
Every year, we see it: Incidents tend to happen before or during holidays.
- The Kaseya ransomware attack landed over the Fourth of July weekend.
- Colonial Pipeline was hit right before Mother’s Day.
- I’ve seen healthcare systems attacked on Christmas Eve and New Year’s when only a few people were on call.
That timing isn’t random. It’s when response times are slowest, and attackers get the longest head start.
The truth is no one wants to run tabletop exercises in December. Everyone’s focused on closing out the year, finishing projects, and trying to take some time off. But there are a few simple things that actually work and don’t require a big lift or new tools.
Here’s what helps most:
- Double-check coverage. Make sure everyone knows who’s handling alerts, who can make decisions, and how to reach them. If someone’s off, assign a clear backup.
- Many times, the people working nights, weekends, and holidays are junior folks. And there’s nothing wrong with having that be the plan. I’m not suggesting that senior personnel can’t ever take time off, but our teams must be trained and capable of handling their tasks during all hours.
- Lean on your partners. If you use an MSSP or MDR, tell them your coverage schedule. They can adjust escalation paths and keep a closer watch while your staff is out.
- Handle maintenance now. Patch systems and verify backups before the holidays hit. You don’t want to be rebooting critical systems on Christmas Eve. As much as we love coming into the office, this is the classic Titanic hitting the iceberg situation we’re trying desperately to avoid.
- Watch for social engineering. Expect a spike in phishing and payment scams. Send a quick reminder to your teams to slow down, verify requests, and be cautious with links. We hear all the time from clients that do active phishing campaigns, “these emails are too good at tricking our users and some even contain Black Friday deals.” Those are exactly the attempts that the bad guys will use and succeed with, too. We need to practice based on real-world scenarios, not satisfy our comforts and lose our edge.
- Communicate clearly. A short internal message before people leave, reminding everyone how to report suspicious activity, is often enough to stop an attack from spreading. Communication is a common denominator for success and failures; let’s make sure to put this in the win column.
Healthcare organizations are especially vulnerable during this time. When systems go down, it’s not just about business continuity. It affects patient care, scheduling, and trust. That’s why even small steps like clear communication and coverage planning make a huge difference.
Cybercriminals love the holidays because they know we’re human. We’re tired, distracted, and focused on family. They count on that. A little attention now can keep your holiday season calm instead of chaotic.