Ransomware Attack! What to Do on Day One | The Doctor Weighs In

The Doctor Weighs In
5 min readJul 28, 2019

By: Kali Durgampudi

Ransomware attacks are more prevalent than ever but recovery is possible if you follow the right best practices. Here’s what needs to be done on Day One.

Photo Source: iStock

Ransomware is surging, and it’s taking a toll on the healthcare sector. In fact, ransomware attacks on businesses increased by 195% in the first three months of 2019. The price tag of these attacks is growing too. In the first quarter of 2019, the average ransomware demand was 93% higher than in 2018.

Healthcare is the hardest hit of all sectors. Healthcare breaches accounted for 37% of all ransomware incidents. Therefore it is imperative that you know what to do ahead of time in case your practice or facility determines an attack is underway.

Let’s consider what you should do on Day One of a ransomware attack.

Ransomware attack! What to do on Day One

1. Discovery

Let’s say you work at a large medical practice. You begin to have trouble accessing an application or system that is a core component of your work. The server isn’t responding, so you contact the IT help desk. At the same time, the security team starts receiving alerts. These all are the early signs that ransomware is holding your organization hostage.

Once a ransomware attack is confirmed, immediate action must be taken. Infected servers and endpoints should be shut down to contain the impact of the attack. At the same time, IT and security teams need to investigate. Maybe the attacker gained access to the system by exploiting holes left by missing patches. Perhaps it was a phishing attack. Or maybe the hackers found another way in.

Related Content: Healthcare’s 2019 Top Cybersecurity Threats and What to Do About Them

2. Decisions

After confirmation of the attack, your organization — most likely at the executive level — has a big decision to make. Do you pay the cybercriminals? Or do you ignore the ransom demands, and get back to business by following your disaster recovery protocol?



The Doctor Weighs In

Dr. Patricia Salber and friends weigh in on leading news in health and healthcare