Incident Response Services

A medical care company has been serving the community with a dedicated team of 70 employees. Unfortunately, they fell victim to a severe cyber attack where crucial data was encrypted by a ransomware strain. The initial demand from the hackers was a whopping $900,000, placing the company in a precarious situation.

Reviewed on
900,000 USD

Ransom request

- 83%

Ransom reduction

72 Hours

For full recovery


Jobs saved

Incident Response Process

Upon detecting the ransomware attack, the company’s IT staff immediately activated the incident response (IR) Plan, which included contacting Proven Data. 

Our team assumed the ransomware removal and recovery task. After intense discussion, we successfully reduced the ransom demand to $150,000 – a significant cut from the initial $900,000.


The incident response was effective, with the company regaining full operational capability in just 72 hours from the start of the attack. This case study emphasizes the importance of a well-prepared incident response plan, capable staff, and constructive negotiation skills. 

It also highlights the urgent need for organizations, especially those in sensitive industries like medical care, to invest in security measures that can prevent such cyber incidents. 

As cyber threats become increasingly sophisticated, proactive security measures, regular employee training, and a robust Incident Response plan are no longer optional, but a necessity.

Steps Taken for Full Recovery

Using the acquired decryption keys, the team began the process of decrypting the affected data and systems. This was a time-consuming process, but essential for restoring normal operations.

Post-decryption, the systems were slowly brought back online. Extra caution was taken to avoid any potential remnants of the ransomware causing further issues.

The team performed an in-depth review of the decrypted data to ensure its integrity and completeness. This was crucial to ensure that all patient information was accurate and fully recovered.

Post-attack, the company implemented enhanced security measures to prevent similar future incidents. This included employee training on cyber threats, updating security software, and regular system audits.

After 72 hours, the company was able to resume normal operations. This quick recovery time minimized the disruption caused by the attack and allowed the company to continue serving its patients.

The company conducted a post-incident review to understand the events leading up to the attack, the effectiveness of the response, and areas for improvement. This review is part of an ongoing effort to strengthen the company’s resilience against cyber threats.

The Results

What made Proven Data successful here?

In-house Technical Expertise
Threat Intelligence
Continuous Learning and Adaptation

Contact our Data Recovery Experts ​​

Your data integrity and
security - resolved
Platform partnerships