Wood Ranch Medical Clinic (California)

Closed after backups were encrypted 

The Catastrophe 

A 2019 ransomware attack encrypted the clinic’s EHR servers and backup hard drives; the owner announced a permanent closure (Dec 17, 2019). (Sources: The HIPAA Journal; American Medical Association; cnacanada.ca)

Fallout 

No viable path to rebuild records; patient care and billing continuity collapsed, making operations untenable for a small practice. (Source: The HIPAA Journal)

Security Layer Failures Analysis 

  • Layer 1: People — Users not conditioned to flag high-risk emails/attachments. 
  • Layer 2: Physical — On-prem backup media accessible from compromised systems. 
  • Layer 3: Cyber — No monitored EDR/MDR; flat network enabled rapid spread. 
  • Layer 4: Risk Management — No risk register for “backups co-located with primaries.” 
  • Layer 5: Leadership — No executive mandate for offsite/immutable backups.
  • Layer 6: Culture — Backups treated as a checkbox, not a recovery objective.
  • Layer 7: Resilience — No tested restore; no continuity plan for extended outage.

ROI of Prevention 

Air-gapped/immutable backups, recovery testing, and CISO-led ransomware playbooks would have turned a closure into a contained incident. (Source: The HIPAA Journal)
