Organized crime, and now in some cases, nation-state actors, have amassed substantial financial gain by taking healthcare networks hostage. With each success and ransom paid, more ransomware attacks are guaranteed. While this may sound like a technology problem — and it is — it’s more than that. In healthcare, there are downstream effects for every event. Whatever happens with data eventually affects a human being.

This ransomware guidance whitepaper describes the business and technical aspects of preparing for and responding to a ransomware attack. The author intends for this paper to be used by risk, compliance, security, and operational personnel responsible for creating, configuring, and operating HIPAA- and GDPR-regulated environments.

This whitepaper contains information to:

  • Plan for a ransomware attack.
  • Architect a cloud environment capable of thwarting and recovering from an attack.
  • Detect the indicators that could lead to a ransomware attack.
  • Appropriately respond to a successful attack.
  • Conduct the required analysis to determine whether the attack is reportable.
  • Recover from the attack.