Containing a ransomware outbreak without disrupting patient care
When a ransomware strain began encrypting file servers across a 14-facility healthcare network, Brangus IT's incident response team contained the outbreak within 6 hours, preserving clinical system availability throughout.
The Problem
A phishing email delivered a ransomware payload that began spreading laterally through the network's flat architecture, threatening electronic health record (EHR) availability across all 14 facilities.
Our Assessment
Our incident commander was activated within 40 minutes of detection. Initial triage identified the ransomware family and its known lateral movement technique, informing an immediate containment strategy.
The Solution
We isolated affected network segments, disabled compromised credentials, and deployed emergency detection rules for the ransomware's command-and-control traffic, while a forensics team preserved evidence for regulatory notification.
Implementation
Following containment, we rebuilt affected systems from verified clean backups, implemented network segmentation between clinical and administrative systems, and delivered a root-cause report identifying the initial phishing vector.
Results
- Outbreak contained within 6 hours of activation
- Zero EHR or clinical system downtime during containment
- Full forensic timeline delivered within 72 hours supporting HIPAA breach notification
- Network segmentation project completed within 90 days, eliminating the flat-network root cause
Business Impact
Patient care continued uninterrupted throughout the incident, and the health network avoided the multi-week EHR outages seen in comparable industry ransomware incidents, protecting both patient safety and regulatory standing.
Engagement Results
6 hours
Time to containment
0 hours
Clinical downtime
14
Facilities protected
Facing a similar challenge?
Let's talk about what a comparable engagement would look like for your environment.