Case Study: Healthcare provider regains access and rebuilds a ransomware‑resilient environment with Palo Alto Networks Unit 42

A Palo Alto Networks Case Study

Preview of the Healthcare Provider Case Study

Rebuilding a healthcare provider’s environment after a ransomware attack

A U.S. healthcare provider discovered a suspicious file, and the situation quickly escalated into a full ransomware incident in which systems were encrypted and viable backups were rendered unusable. Facing locked data and potential ongoing access by the attacker, the organization engaged Palo Alto Networks’ Unit 42 to rapidly investigate, recover operations, and stop further damage.

Unit 42 identified the threat as BlackCat, helped negotiate with the attacker, coordinated restoration efforts, and deployed Cortex XDR for full visibility. Investigators found a keylogger and recommended rebuilding the environment from the ground up; backdoors were removed, access was restored, and the client’s security program was redesigned to be far more resilient to future attacks.

