HIMSS has been active in helping the healthcare community address and mitigate the spread of the WannaCry Ransomware attack. This is a new type of ransomware that has affected organizations around the world in just a matter of days. Unlike other forms of ransomware seen over the past year, this type does not require human intervention to spread.
HIMSS staff has been in regular contact with Department of Health and Human Services (HHS) officials to see how our organization could be a resource to the Department as it looked for ways to push out information to the healthcare community.
The HIMSS homepage has been updated with several pertinent resources, including links to a blog that Lee Kim, HIMSS Director of Privacy and Security, penned about how the community can protect its assets and what organizations can do if they are hit by the attack or if they have cyber threat indicators to share. Lee also included great resources for folks that are interested in more information, including links to US Computer Emergency Readiness Team (US-CERT) bulletins, FBI Flash Reports, Microsoft Updates, and HHS HIPAA and Ransomware Fact Sheets.
If you are the victim of ransomware or have cyber threat indicators to share, HHS recommends the following steps:
- Contact your FBI Field Office Cyber Task Force immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
- Report cyber incidents to the US-CERT and FBI's Internet Crime Complaint Center.
For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov.