Talk to an expert

How Lumifi Rescued a Healthcare Company from a Devastating Ransomware Attack and Transformed Their IT Infrastructure

Executive Summary

A healthcare company with multiple service locations experienced a severe ransomware attack that completely shut down their systems. Lumifi, alongside other partners, BOK and Solytics Partners, provided critical project and remediation services. This case study explores how Lumifi's intervention not only resolved the immediate crisis but also transformed the healthcare company's IT infrastructure, significantly enhancing their security posture.

Client Background

Company Size: 500 Employees

Industry: Healthcare

Locations: 11 service locations, 2 corporate locations

What happened?

A large healthcare company fell victim to a ransomware attack on all their systems. Leadership was alerted in the middle of the night when the attack took place. Employees could not access their files, there were ransom notes on computers, the entire environment was down and the company was forced to operate without immediate access to patient information and other valuable resources accessible through infected devices.


The healthcare company had an IT department but lacked a Security Operations Center (SOC) for monitoring. This lack of protection left them vulnerable to a ransomware attack, which occurred unexpectedly in the middle of the night. The entire system was down, and no one could access files, bringing the business to a standstill.

Specific Challenges:

  • No SOC monitoring in place.
  • Complete system shutdown with ransom notes on computers.
  • The need for immediate forensic analysis and recovery.
  • Insufficient hardware and reliance on web-based technology.
  • Data recovery and system reconfiguration.

Challenge Impact:

  • Employees were sent to brick-and-mortar stores to purchase as many laptops as possible in attempt to gain access to patient data. Some employees brought in personal devices.
  • Email was offline for a week and a half because of the attack, many employees used personal emails.
  • Employees had to save documents on a USB and take them to a printer if they needed something printed.

Lumifi's Intervention

Initial Response:

  • Emergency Call: Upon discovering the ransomware attack, the healthcare company contacted their bank (BOK), which referred them to Lumifi.
  • Immediate Actions: Lumifi's team got involved to assess the situation and provide immediate support.

Steps Taken:

  1. Collaboration with IT Forensic Experts: Brought in an incident response firm for forensic analysis.
  2. Onboarded New Devices with Updated Security: Educated employees on how to securely use devices purchased by the healthcare company to replace infected devices.
  3. System Monitoring: Installed Palo Alto Cortex XDR to enable SOC monitoring by Lumifi.
  4. Device Management: Increased the number of monitored devices to about 463.

Long-term Solutions:

  • New Cloud Infrastructure: Solytics designed a new cloud infrastructure with virtual desktops and cloud servers, eliminating the risk of hardware failure.
  • Software Transition: Transitioned from on-premises Microsoft Exchange to cloud-based Microsoft 365.
  • On-Site Support: Sent personnel to assist with logging in and using the new systems.
  • Policy Customization: Worked with Lumifi SOC to customize security policies using Solytics.


Recovery and Improvement:

  • Rapid Recovery: Despite initial chaos, patient data was recovered within days, and full operational recovery was achieved within three to six weeks.
  • Enhanced Security: Implemented continuous monitoring and improved security measures to prevent future incidents.
  • Infrastructure Overhaul: Migrated to a robust, cloud-based infrastructure, reducing the risk of future attacks and hardware failures. Full migration was achieved about five months after the incident.

Quantifiable Outcomes:

  • Device Management: 463 devices now monitored by Lumifi’s 24x7x365 SOC
  • Operational Efficiency: Significant reduction in downtime for future incidents.

Client Sentiment:

  • Before: IT was isolated and undervalued. There was a lack of awareness regarding the importance of cybersecurity.
  • After: Increased awareness and trust in IT security measures. Lumifi is now seen as a trusted advisor, and there's a stronger focus on continuous improvement in security.
Healthcare Ransomware Case Study



Company Size


Technology Partners

Share This

Related Articles

🚨 New Webinar Alert! 🚨

Q2: SOC Quarterly Threat Briefing

🗓️ Date: July 24th, 2024
🕒 Time: 11 AM (PT)

Secure Your Spot!
Privacy PolicyTerms & ConditionsSitemapSafeHotline
magnifiercrossmenuchevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram