powered by LeadingAge New York

International Cyberattack Threatens Healthcare Organizations

The U.S. Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS) are calling for aggressive risk mitigation steps in response to the ransomware attack – “WannaCry” – plaguing businesses and healthcare organizations around the globe. On a recent sector call, HHS and DHS notified healthcare providers that the attack is not over and that variants are emerging. The two agencies urge providers to scan their systems for vulnerabilities and make sure that devices are fully patched and updated. In particular, providers are directed to apply the March and May patches provided by Microsoft to all systems and devices with known vulnerabilities.

The federal government is convening regular calls with stakeholders. To receive alerts and information, providers should register for the DHS Critical Infrastructure Protection listserv. The agencies involved have made available several resources:

For the latest Microsoft Security Information:

For ASPR TRACIE: Healthcare Cybersecurity Best Practices:

Request an unauthenticated scan of your public IP addresses from DHS:

  • The US-CERT’s National Cybersecurity Assessment & Technical Services (NCATS) provides integrated threat intelligence and an objective third-party perspective on the current cybersecurity posture of the stakeholder’s unclassified operational/business networks. NCATS security services are available at no cost to stakeholders. For more information, please contact NCATS_INFO@hq.dhs.gov.

If your organization is the victim of a ransomware attack, HHS and DHS ask you to contact law enforcement immediately.

  1. Contact your FBI Field Office Cyber Task Force immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
  2. Report cyber incidents to the US-CERT and FBI's Internet Crime Complaint Center.

The federal government also asks you to share healthcare-specific indicators of any attack with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov.

DHS and HHS advise that malicious actors are beginning to exploit the ransomware attack in more traditional ways. HHS has received at least one report from a hospital that received a telephone call from an individual claiming to be from Microsoft, who offered support in combatting the ransomware if given access to the hospital's servers.

Long-term/post-acute care providers and their business associates should be on heightened alert for malware infection and malicious attempts to compromise their networks. Close attention to updates and patches is strongly encouraged.

Contact: Karen Lipson, klipson@leadingageny.org, 518-867-8383 ext. 124