Recover
After remediating the ransomware infection, rebuild affected systems from trusted media, restore lost data from backups, revert back to normal operations, do a root cause analysis, and report as appropriate to relevant authorities.
Resources
Incident Preparedness and Response
The Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook outlines a framework for health delivery organizations (HDOs) and other stakeholders to plan for and respond to cybersecurity incidents around medical devices, ensure effectiveness of devices, and protect patient safety.
NIST Data Integrity: Recovering
The National Cybersecurity Center of Excellence (NCCoE) at NIST built a laboratory environment to explore methods to effectively recover from a data corruption event in various Information Technology (IT) enterprise environments. NCCoE also implemented auditing and reporting IT system use to support incident recovery and investigations.