On May 12, 2017, a massive cyber attack affecting health care organizations across the world prompted the United States Department of Health and Human Services (“HHS”) to issue a warning to U.S. health care organizations. The attack apparently first began in England, causing information systems at health care organizations throughout the country to become infected with ransomware known as WannaCry. Once infected, data cannot be accessed until a ransom payment is made.
The attack is continuing to spread throughout the world at a rapid pace, at last count affecting organizations in approximately 100 countries. The HHS warning indicated that the attack has already affected hospitals and health care information systems within the United States. Based on what has occurred thus far, the attack likely will continue to spread to additional health care organizations.
For health care organizations, an attack of this nature can directly affect patient care and prevent health care providers from performing critical health care operations. Health care organizations should consider taking immediate action to secure their information technology networks, including actively monitoring network traffic, ensuring that all applications and operating systems are updated and patched and communicating to workforce members that they should be suspicious of all emails from an unknown source until further notice.
If your organization becomes a victim of this attack, it will be important to take immediate steps to contain the threat and implement a contingency plan to minimize any disruption in patient care in order to ensure that health care operations can continue in compliance with applicable laws.