It's 3:30 in the morning the call comes in, we have a ransomware attack that is locking up all of our systems. What do you do?

Today we look at the events following the initial diagnosis of a health system that was ransomed just last fall. Some of the steps are obvious, some not so obvious. 

Tomorrow, we look at the lessons learned in the process.