Partly due to the critical nature of their services, industries such as healthcare are frequent targets for ransomware attacks. Advice on how to respond is plentiful, but the most valuable lessons can come from those who have lived through these attacks as victims and investigators. During a panel at Georgetown’s 2018 Cybersecurity Law Institute, Mary Chapin, chief legal officer of the National Student Clearinghouse, Hadley Etienne, FBI Supervisory Special Agent, Major Cybercrimes, and Larry Smith, vice president for corporate risk management services at MedStar Health, discussed the prevalence, reporting trends and legal implications of a ransomware attack. They examined the 2016 attack on MedStar Health in detail, providing lessons on attack prevention, mitigation and response. See “Identifying and Preparing for Ransomware Threats (Part One of Two)” (Feb. 28, 2018); Part Two (Mar. 14, 2018).