Case Studies

Ransomware Response for a Large Specialist Healthcare Provider


A large specialist healthcare provider suffered a ransomware attack, putting their sensitive data at stake. The client’s existing managed security provider was not equipped to engage with the threat actor, and since the healthcare provider did not intend on paying the ransom, they wanted to buy more time before the data was released or another attack occurred. FTI Cybersecurity was hired to assist with this process.


Our experts created a position paper for the client, providing in-depth intelligence on the threat actor and outlining their motivations, the proposed type of negotiation route, and the associated risks. In the event of the incident resulting in an inquiry, this document would be used as justification that the client took appropriate actions. After the client agreed on the plan, we created and presented a thorough negotiation strategy outlining the processes of the engagement. Our experts then began live negotiation with the threat actor, employing techniques to stall further action.


Our experts successfully secured several additional weeks during negotiation. This was enough time for the client to sufficiently protect their systems, begin the legal investigation required, and notify all relevant stakeholders and regulators involved before any data was released. We also provided strategic communications support to ensure their internal messaging prepared staff as the incident progressed and allowed their team to engage with the media in a way ensured only limited coverage.