Case Study

Helping a healthcare leader recover from a malware attack

A major healthcare sector organization struggled to manage in the wake of a malware attack—they needed a knowledgeable expert to help communicate to customers, regulators, and their executive stakeholders, in addition to improving their future cyber posture. A Unit 42® vCISO was on the scene to assist.

In brief


The client has requested to remain anonymous due to the sensitive nature of the incident

Products and Services

Unit 42 Virtual CISO (vCISO)


United States of America




The organization needed to recover from malware attack, coordinate its cybersecurity response, communicate with customers, legal, and regulators, and define and build a cybersecurity program to ensure it would not happen again.

    • Manage malware attack response, communicate with customers, lawyers, and regulators
    • Build a cybersecurity strategy and reduce cyber risks moving forward

Unit 42 provided a vCISO to manage the breach response, manage communications, and coordinate with internal teams to create a cybersecurity strategy to answer questions about the company’s security posture.

Download PDF Share


Navigating a complex and mission-critical response

A national healthcare provider experienced a malware attack that crippled its ability to provide critical business services to its clients. Due to the nature of the attack, executives needed to spend considerable time answering legal and regulatory questions and offering assurances to customers regarding their response to the incident. Without a chief security information officer to oversee the cybersecurity program, they needed a knowledgeable expert to help them communicate with customers, regulators, and executive stakeholders.


Expert risk management and (stakeholder) communication

The organization determined that they needed a Unit 42 vCISO—a virtual chief information security officer—to help identify and manage risk and interface with customers and regulators to provide updates on the corporate response.

In addition, the client wanted to build a detailed cybersecurity program to improve their security posture, response playbooks, and minimize the impact of future events. Knowing it would take a good amount of time to identify, recruit, and onboard an executive, the organization needed an interim cybersecurity consultant to act in the capacity of a CISO.


A vCISO helps the organization take charge

Managing highly visible malware incidents can challenge any organization. Many healthcare organizations lack highly expert senior-level cybersecurity staff, making the task even more considerable. In the wake of a malware incident, this organization turned to Unit 42 to serve as a vCISO to identify and manage risk as well as provide extensive communication assistance to customers, attorneys, and regulators, giving status updates on remediation measures implemented to mitigate risk.

The vCISO immediately took charge of the organization’s internal cybersecurity team, performing the role of the chief information security officer. The new vCISO was responsible for collaborating with internal business groups to develop a robust information security program, authored a multiyear cybersecurity roadmap of tactical initiatives, and built a short- and long-term budget to support these initiatives.

During the engagement, the vCISO became a trusted advisor to the corporate executives and, ultimately, the board of directors, providing a highly effective communication function internally, externally, and up the chain of command.


Establishing a stronger security posture

With a Unit 42 vCISO onboard, the corporate executives were able to focus on restoring normal business operations while entrusting the vCISO with critical communications functions for customers, attorneys, regulators, and executive stakeholders. The Unit 42 vCISO helped the organization to develop a more robust information security program with the goal of improving its defenses now and in the future.

To learn more about Unit 42, visit

Get in touch

If you’d like to learn more about how Unit 42 can help your organization defend against and respond to severe cyberthreats, visit to connect with a team member

Under attack?

If you think you may have been breached or have an urgent matter, please email unit42-investigations@ or call US Toll-Free: 1.866.486.4842 (866.4.UNIT42), EMEA: +, and JAPAC: +65.6983.8730