This document provides information about building an effective ransomware defense program. It discusses the large costs ransomware attacks have had on the healthcare industry, with the average cost of an attack being over $60 million. A case study is presented on a 200 bed facility that was impacted by a ransomware attack, with their cash reserves being depleted, claims processing stopping, and revenue reductions of $2 million. The document outlines the operational impact of typical ransomware attacks, including two full weeks of downtime and multiple impacted systems. It stresses the importance of having ransomware runbooks, testing controls, and establishing communication plans to prepare and respond to such attacks.