Cybersecurity Audit & Incident Remediation: Restoring Confidence and Data for A Multi-Location Physical Therapy Group

The Challenge: Protecting Patient Data During Recovery & Remediation

AlphaRidge was enlisted by a large Physical Therapy Group (PTG) to remediate a critical ransomware incident. PTG is a multi-location healthcare organization that provides comprehensive physical therapy services through an extensive network of clinics and practitioners, and it relies heavily on its Electronic Health Record (EHR) and Practice Management (PM) applications to manage patient data and ensure efficient operations. This case study outlines the challenges PTG faced due to a ransomware attack, the remediation efforts led by AlphaRidge, and the results achieved in restoring patient records and improving cybersecurity measures.

As a large medical organization with active patients, it was imperative for PTG to keep the data flowing while simultaneously minimizing the attack surface, ensuring that the breach was contained and the data recoverable.

CHALLENGES AT A GLANCE

+ Recovering from a ransomware incident.

+ Former IT company accidentally deleted 5 months of backups.

+ Quick implementation to support a fast-moving medical organization and limit impact to patients.

+ Ensuring HIPAA compliance by adhering to the Breach Notification Rule and the Security Rule.

The Curve Ball

PTG's systems were compromised by a persistent ransomware infection, which led to the loss of five months of clinical and administrative patient chart data. The previous IT provider inadvertently deleted the data while attempting to address the issue, and all available backup methods were overwritten. This incident exposed PTG to significant risks, including potential non-compliance with HIPAA regulations and reputational damage.

“We needed to immediately assess the impact and retrieve patient records, while simultaneously recovering scanned attachments to continue daily operations.”

Chief Financial Officer | PTG

The Solution

AlphaRidge was engaged to conduct an independent assessment, create a detailed data loss report, and recover lost patient data. They utilized health IT expertise and advanced data analysis techniques to assess the extent of data loss, map the event from compromise to remediation, produce admissible documentation, and recover data to recreate patient records, minimizing the impact of data loss on patients.

The AlphaRidge team worked with the EHR software vendor to validate the data extraction and mapping processes when the EHR’s own systems did not support recovery.

The engagement included independent backup and data loss verification, a disaster recovery audit, designing the SQL database analysis, preserving and restoring salvageable patient data, and providing methodology and background documentation for the practice, attorneys, and insurance company.

The Results

AlphaRidge successfully recovered patient records for the practice, limiting the impact of the data loss. Their efforts led to the recovery of tens of thousands of patient records, improved security and data hygiene, and ultimately, better outcomes for the practice.

PTG’s cybersecurity event highlights the importance of having a reliable and experienced IT provider to handle cybersecurity incidents. Proper incident reporting, data extraction, and recovery efforts can mitigate the impact of data loss in such situations. The impact of a qualified IT provider goes beyond just lowering remediation costs; it can ultimately determine whether an organization is able to maintain its capacity to provide patient care.

 

“AlphaRidge handled our incident response, while keeping our practice operating, and working with all vendors to recover our patient’s data. Their discovery helped us recover over $3 million dollars of revenue at risk.”

CEO & Owner | PTG
