Healthcare records of an Arizona clinic have not been available for months after a ransomware infection. The Desert Care clinic got infected in August, and they were not able to recover the files. They sent a letter (PDF) to their clients who got the advice to monitor their credit records and account statements, benefits and credit card bills.
The server contained 500 records of the patient's name, DOB, address, medical details, treatment details and apparently credit card information. Desert Care reported the breach to the U.S. Department of Health and Human Services Office for Civil Rights December 20th. You should check this database, the amount of reported data breaches in Health Care is horrendous.
The clinic mentions that they do not know if the encrypted data was also stolen, and has alerted local law enforcement and the FBI. The server was inspected by serveral IT specialists, but they could not decrypt the files. Clearly no backups available, and no intention to pay ransom either. I cannot repeat often enough that now is the time to religiously backup all files and also regularly test if your restore function works!
And oh, train those users to not open phishing email attachments and enable macros...