A Texas-based cancer treatment center suffered a ransomware attack that took down its network and technology infrastructure, prevented patients from receiving critical chemotherapy treatments, forced them to travel miles away to alternative facilities, and endangered patient care.
Situation
A Texas oncology center, responsible for administering chemotherapy to hundreds of patients, was brought to a standstill when ransomware actors infiltrated their network through a vulnerable firewall device. The attackers encrypted patient treatment schedules, medical imaging files, and infusion system controls, rendering the hospital unable to administer chemotherapy and other life-saving treatments.
With no immediate access to patient records, doctors and nurses were forced to divert patients to another cancer center over 50 miles away, causing treatment delays, logistical challenges, and potential harm to immunocompromised patients.
Solution
A Digital Forensic and Incident Response team was engaged to analyze the attack, contain the threat, and restore critical systems as quickly as possible. Simultaneously, Ransomware Negotiation experts engaged with the attackers to evaluate decryption options while working on alternative recovery methods to mitigate operational downtime.
Cyber forensic analysis identified the point of entry, allowing containment within 96 hours and enabling a structured, phased recovery plan that prioritized EHR restoration and treatment scheduling systems. The hospital’s leadership was advised on reporting and notification requirements under its HIPAA and HITECH regulatory compliance obligations, as well as on patient safety protocols, and the forensic team orchestrated a rapid security overhaul to strengthen cybersecurity and prevent future attacks.
Success
By engaging digital forensics, incident response, and ransomware negotiation professionals, the oncology center expedited its data recovery and resumed chemotherapy treatments within 96 hours. While the hospital initially prepared for a prolonged outage, the team’s proactive threat containment and forensics-driven remediation plan significantly reduced downtime and sped the restoration of essential services.
Following the incident, the forensic restoration team implemented network segmentation, endpoint detection and response, and 24/7 threat monitoring, ensuring future cyberattacks would not impact patient care. The hospital’s leadership also adopted a vulnerability and patch management program as part of its cybersecurity defense hardening and maturation, further securing patient treatment operations.