Rapid Ransomware Response and Full Recovery
How a dental practice recovered from a crippling cyberattack — thanks to Sunset’s unified IT + Security model
The Incident
In June 2025, a multi-operatory dental practice experienced a ransomware attack that began in the early morning hours, silently targeting multiple workstations. The malware variant, later identified as Safepay, aimed to encrypt clinical systems and demand ransom for decryption keys.
Fortunately, Sunset’s advanced endpoint detection and response (EDR) tools caught the attack instantly automatically isolating the affected systems to prevent widespread encryption.
The Investigation
Sunset’s Security Operations Center (SOC) immediately launched a forensic investigation. Logs confirmed unauthorized remote access and attempts to take over system controls. Compromised firewalls rules and expired licenses (previously recommended updates) were also discovered.
This wasn’t just a bad day. It was a perfect storm.
 The Response
Rather than taking chances with possible reinfection, Sunset deployed a “rebuild, don’t restore” strategy:
- All servers were rebuilt from scratch
- No local backups were used due to potential contamination
- All data was pulled from secure, cloud-based backups
- New, clean systems were installed, scanned, and hardened
By Monday morning—just 72 hours after the attack—the practice was back up and seeing patients. Every part of the infrastructure was reviewed, secured, and confirmed safe.
What Could Have Happened Without Sunset
 Estimated Downtime
 Typical ransomware recovery without a unified IT/SOC team:
-
-
-  10–14 business days (industry average for small/medium healthcare orgs)
-
Production impact:
-
-
- 10 clinical days of lost appointments
- Limited communication, billing, and imaging access
- Staff paid but unable to work efficiently
-
 Estimated Financial Cost
Category |
Estimated Cost |
| Lost production (clinical downtime) |
$7,500 – $15,000 per day × 10 days = $75,000 – $150,000 |
| Third-party forensics & remediation team |
$40,000 – $60,000 |
| HIPAA legal guidance & breach response |
$25,000 – $50,000 |
| Notification, credit monitoring, PR |
$20,000 – $40,000 |
| Cyber insurance premium increase (multi-year impact) |
$10,000+ |
| Total Estimated Cost |
$170,000 – $310,000 |
Note This estimate excludes potential regulatory fines if unauthorized access or data exfiltration were confirmed.
The Turnaround
Prior to the incident, Sunset had recommended replacing outdated hardware—including the firewall, NAS, and several workstations—but those recommendations had not been approved.
After this event, the practice immediately authorized the necessary upgrades, aligning their infrastructure with current best practices. This was a hard-earned lesson—and a turning point in their long-term security strategy.
Why It Mattered
 This case underscores why choosing a partner who offers integrated IT and cybersecurity support—not just monitoring or alerts—can make the difference between quick recovery and catastrophic downtime.
- No handoffs
- No finger-pointing
- No delays
- Just one team managing your technology and protecting your operations
Lessons for All Practices
- Cloud backups save businesses
- Ransomware doesn’t wait—neither should you
- Outdated equipment is more than inefficient—it’s vulnerable
- And nothing replaces a team that can detect, respond, and remediate—end to end
 This is what it means to feel Rest Assured.
Sunset Technologies is more than IT. We’re your partner in uptime, performance, and security.
Is your practice prepared?
Call Sunset today and Rest Assured tomorrow.
