WannaCry Not Finished With Healthcare

Two Large U. S. Hospitals Still Dealing with Attack

Yesterday, more than three weeks after the first WannaCry attack, the U.S. Department of Health and Human Services reported that two large multistate U.S. hospital systems are still facing significant operational challenges because of the WannaCry malware. On patched devices, the virus stopped short of encryption but has been able to disrupt operations on Windows operating systems – the particular effects vary depending on the version of Windows on the device.

Note – if your device was infected and you patched the software afterward, you have weakened, not stopped, the potential bad effects.

Action Steps

If you believe your system has been attacked by WannaCry, or any other powerful disruptive hack, you should notify your IT staff immediately, consult with your lawyer who will help navigate reporting to law enforcement and other regulatory agencies, and work with your vendors for a coordinated defense and mitigation plan. And always install patches from your software providers to keep software up to date.

HHS Recommends

  1. Contact your FBI Field Office Cyber Task Force (www.fbi.gov/contact-us/field/field-offices) or US Secret Service Electronic Crimes Task Force (www.secretservice.gov/investigation/#field)  to report a ransomware event and request assistance.
  2. Report cyber incidents to the US-CERT (www.us-cert.gov/ncas) and FBI’s Internet Crime Complaint Center (www.ic3.gov).
  3. **NEW** If your facility experiences a suspected cyberattack affecting medical devices, you may contact FDA’s 24/7 emergency line at 1-866-300-4374. Reports of impact on multiple devices should be aggregated on a system/facility level.
  4. For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov 



The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start Kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Share This Post

Share on facebook
Share on twitter
Share on linkedin

Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2020 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Service | Privacy Policy

Powered by JEMSU

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

8820 Ladue Road Suite 200
Saint Louis, MO 63124

You may have questions about COVID-19 and HIPAA. We have answers. 

We are open and answering questions about all the new modifications and waivers, coming from HHS, OCR, CMS, and the new CARES act.

If you need help with HIPAA during the COVID-19 pandemic, fill in the form, and we’ll get back to you.

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free