Few word combinations are more dreadful than “ransomware” and “healthcare.” Despite countless hours and substantial investment, we see it more and more — not less. News outlets and cybersecurity blogs offer tips to “prevent,” “detect,” and “recover,” and warn that “it’s not a matter of if, but when,” yet many still struggle to turn that guidance into action during a real incident. So why isn’t it working? Z-CERT, the Dutch national sectoral CSIRT for healthcare, is in a unique position to answer that question. Drawing on ransomware incidents Z-CERT handled over the past year, this talk shows what healthcare organisations should and should not do before, during, and after an attack. We offer an inside look at what decisions actually change outcomes when patient care is on the line — for better or for worse.