On May 12, a massive cyber-attack affecting health care organizations across the world prompted the U.S. Department of Health and Human Services (HHS) to issue a warning to U.S. health care organizations. The attack apparently first began in England, causing information systems at health care organizations throughout the country to become infected with ransomware known as "WannaCry." Once infected, data cannot be accessed until a ransom payment is made. The attack is continuing to spread throughout the world at a rapid pace, at last count affecting organizations in approximately 100 countries. The HHS warning indicated that the attack has already affected hospitals and health care information systems within the U.S. To assist health care organizations, HHS recently issued updated ransomware and cyber threat guidance.
For health care organizations, an attack of this nature can directly impact patient care and prevent health care providers from performing critical health care operations. Health care organizations should consider taking immediate action to secure their information technology networks, including actively monitoring network traffic, ensuring that all applications and operating systems are updated and patched and communicating to workforce members that they should be suspicious of all emails from an unknown source until further notice. If your organization becomes a victim of this attack, it will be important to take immediate steps to contain the threat, and implement a contingency plan to minimize any disruption in patient care in order to ensure that health care operations can continue in compliance with applicable laws. Find more information here.