Case Study: Private Orthopedic Specialty Medical Practice Provider Rapidly Recovers from Ransomware with Semperis

Sirius Healthcare and Semperis help medical practice thwart devastating impacts, strengthen security stance

Private Orthopedic Specialty Medical Practice Provider, a large orthopedic, physical therapy, and sports medicine practice with 30 locations and more than 2,000 employees, suffered a ransomware attack after a phishing email led to lateral movement, privilege escalation, and compromise of multiple Microsoft Active Directory domain controllers. The organization turned to Semperis, working with Sirius Healthcare, to help with incident response and remediation in a complex, distributed AD environment.

Semperis helped the practice quickly quarantine affected domain controllers, shut down risky access, identify an unaffected DC for recovery, and cleanse Active Directory, including resetting KRBTGT and disabling print spooler services on all domain controllers. Using Semperis Directory Services Protector (DSP), the team then monitored for lingering attacker activity, exposed misconfigurations, and flagged suspicious changes; DSP also improved ongoing change control and rollback capabilities. Semperis says its approach can cut recovery time by 90%, and in this case the client regained control without data exfiltration and with minimal business disruption.