Skip to main content

Client Story · Ransomware Recovery · Medical

One open port cost them everything. We made sure it never happens again.

An Orange County plastic surgery practice was breached under their previous IT provider, a Remote Desktop port left open on the firewall let attackers encrypt every file and steal patient information, including photos. OCMSP found the hole, closed it for good, and rebuilt the practice into a secure, HIPAA-compliant, insurable one.

Compliance-ready:Ransomware RecoveryHIPAAImmutable BackupsFirewall HardeningCyber Insurance

Client network

Security Posture

Protected
  • Endpoint protectionActive
  • Data backupsVerified
  • HIPAA / PCI complianceMonitored
  • After-hours support24/7/365

The challenge

A breach caused by the last provider

When the practice came to OCMSP, the damage was already done, a ransomware attack that succeeded because the previous IT provider left a remote-access port wide open.

A door left wide open

Back in 2020, under their previous IT provider, an Orange County plastic surgery practice had a Remote Desktop port left exposed on the firewall, an open invitation that attackers found and walked straight through.

Files encrypted, patient photos stolen

The attackers encrypted every file on the network and exfiltrated sensitive patient information, including patients' photographs, some of the most private data a practice like this holds.

A ransom the practice refused to pay

The hackers demanded a ransom for the stolen data. The practice never paid, but with files locked and information already gone, the damage and disruption were severe.

No meaningful backups

There was no real backup system in place. With no clean recovery point to fall back on, the practice had almost nothing standing between the attack and total loss of its data.

What OCMSP delivered

Closed the hole, hardened everything

OCMSP didn't just react to the breach, we found how it happened, shut it down permanently, and rebuilt the practice on a secure, compliant, well-defended foundation.

Examined the entire network

OCMSP started by mapping the practice's network end to end, finding exactly how the attackers got in and every other exposure the previous provider had left behind.

Closed the exposed ports

We patched systems and closed the open Remote Desktop port, and every other unnecessary opening, shutting the door that let the breach happen in the first place.

Locked the attackers out for good

With the perimeter hardened and remote access properly secured, the attackers who had come and gone at will were locked out permanently and have never been able to get back in.

Immutable backups going forward

OCMSP implemented immutable backups that ransomware can't encrypt or delete, so from that point on, a clean, protected recovery point always exists no matter what an attacker tries.

Fortified the practice's defenses

We layered in modern, monitored security across the environment, turning a practice that had been trivially breached into one with real defense in depth watching over it.

Brought the practice up to HIPAA compliance

Handling patient health information and photos puts the practice squarely under HIPAA. OCMSP closed the gaps and built the safeguards needed to bring it into compliance.

Qualified the practice for cyber insurance

Once the proper controls were in place, OCMSP helped the practice secure cyber liability insurance, coverage that was out of reach while the environment was still exposed.

Ongoing managed protection

OCMSP continues to monitor and manage the practice's IT and security, keeping defenses current and the environment compliant as threats and the business evolve.

The engagement

How we secured the practice

01

Assess the damage

We stepped in, examined the network end to end, and identified exactly how the attackers had gotten in and what had been encrypted or stolen.

02

Close the gaps

We patched systems and closed the exposed Remote Desktop port and every other unnecessary opening, locking the attackers out for good.

03

Protect the data

We put immutable backups in place so a clean, ransomware-proof recovery point always exists, and fortified defenses across the environment.

04

Comply and insure

We brought the practice up to HIPAA compliance and, with the right controls finally in place, helped it qualify for cyber liability insurance.

Case study FAQ

How OCMSP rescued and secured the practice

What happened to this plastic surgery practice?

In 2020, before OCMSP became their provider, an Orange County plastic surgery practice was hit with ransomware. Their previous IT provider had left a Remote Desktop port open on the firewall. Attackers used that exposure to get into the network, encrypt all of the practice's files, and steal sensitive patient information, including patient photographs. The hackers demanded a ransom, which the practice never paid, and there was no meaningful backup system to fall back on.

How did OCMSP stop the attackers from getting back in?

We examined the entire network to understand exactly how the breach happened, then patched the systems and closed the open Remote Desktop port along with every other unnecessary opening. With remote access properly secured and the perimeter hardened, the attackers who had been coming and going were locked out for good and have never been able to return.

What did OCMSP do about the lack of backups?

OCMSP implemented immutable backups going forward, backups that ransomware cannot encrypt or delete. From that point on, the practice always has a clean, protected recovery point, so an attack can never again leave them with nothing to restore from.

Why did a Remote Desktop port matter so much?

An exposed Remote Desktop (RDP) port is one of the most common ways ransomware attackers break into a network, it's a remote-access doorway facing the open internet. Leaving it open on the firewall is like leaving the front door unlocked. Closing unnecessary ports and properly securing remote access is a basic control that would have prevented this attack, and it's one OCMSP verifies on every network we manage.

Is the practice secure, compliant, and insured now?

Yes. OCMSP closed the exposures, hardened the environment, and added immutable backups and ongoing monitoring. We brought the practice up to HIPAA compliance for the patient information and photos it handles, and with the proper controls in place we helped it qualify for cyber liability insurance, coverage it couldn't get while it was still exposed.

Can OCMSP help a practice that's mid-breach right now?

Yes. OCMSP has stepped in after other providers left clients exposed, assessing the damage, closing the gaps, protecting the data, and putting the right defenses in place to prevent a repeat. Whether you're recovering from an incident or want to make sure you never face one, we start with a free assessment of exactly where you stand.

Handle sensitive patient data?

If OCMSP can lock down a breached practice, we can protect yours

From breach recovery to always-on defense, OCMSP builds security that keeps medical practices running, HIPAA-compliant, and insurable. Book a free assessment and we'll map exactly where you stand.