As has been reported in major news outlets, hundreds of thousands of cyberattacks have occurred across more than 150 countries in the past few days. These attacks have been blamed for significant disruptions to hospitals and health care systems, infrastructure, and other organizations worldwide. These incidents appear to have been caused by a strain of ransomware that exploits a vulnerability in certain unpatched operating systems.
Clients are encouraged to take proactive steps to protect themselves, including applying security patches; instituting security alerts; training personnel to avoid and report suspicious emails and system activity; and ensuring online and offline backup systems are functional and up to date. For entities subject to HIPAA, it is also worth noting that a ransomware attack such as this may trigger legal breach notice obligations, depending on the particular facts.
For additional information about ransomware, including how it works, what it does and what your organization can do to protect itself from the threat, please see our September 2016 advisory on ransomware "Is Your Business Prepared for the Ransomware Epidemic?".