How a physician-owned practice recovered from a ransomware strike

The chief information officer of OrthoVirginia discusses the 18-month recovery process following a Ryuk ransomware attack and explains how a cybersecurity roadmap and training led to a more thorough cyber hygiene plan. According to a JAMA report released earlier this year, about half of ransomware attacks have interfered with the delivery of healthcare among the major hospitals and healthcare systems. However, at smaller and medium-sized providers—often with smaller security budgets and fewer resources for recovery—such attacks can be much more than just bothersome; they can also completely disrupt medical delivery for days or even weeks. Two years ago, a Ryuk ransomware assault crippled access to workstations, imaging systems required for scheduled surgeries, backed-up data, and more at OrthoVirginia, Virginia's leading orthopedic medical and rehabilitation provider.