WannaCry Not Finished With Healthcare

Two Large U.S. Hospitals Still Dealing with Attack

Yesterday, more than three weeks after the first WannaCry attack, the U.S. Department of Health and Human Services reported that two large multistate U.S. hospital systems are still facing significant operational challenges because of the WannaCry malware. On patched devices, the virus stopped short of encryption but has still been able to disrupt operations on Windows operating systems. The particular effects vary depending on the version of Windows on the device.

Note – if your device was infected and you patched the software afterward, you have weakened, not stopped, the potential bad effects.

Action Steps

If you believe your system has been attacked by WannaCry, or any other powerful disruptive hack, you should notify your IT staff immediately, consult with your lawyer, who will help navigate reporting to law enforcement and other regulatory agencies, and work with your vendors on a coordinated defense and mitigation plan. And always install patches from your software providers to keep software up to date.

HHS Recommends

  1. Contact your FBI Field Office Cyber Task Force (www.fbi.gov/contact-us/field/field-offices) or US Secret Service Electronic Crimes Task Force (www.secretservice.gov/investigation/#field) to report a ransomware event and request assistance.
  2. Report cyber incidents to the US-CERT (www.us-cert.gov/ncas) and FBI’s Internet Crime Complaint Center (www.ic3.gov).
  3. **NEW** If your facility experiences a suspected cyberattack affecting medical devices, you may contact FDA’s 24/7 emergency line at 1-866-300-4374. Reports of impact on multiple devices should be aggregated on a system/facility level.
  4. For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov.

 

 


Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC, she advises health care providers and business associates in 36 states, Canada and the EU, using The HIPAA E-Tool® to deliver up-to-date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2019 The ET&C Group LLC.
The HIPAA E-Tool® is a registered trademark of The ET&C Group LLC