HHS Releases Update on Ryuk Ransomware Threat
Hospital Safety Insider, October 8, 2020
Want to receive articles like this one in your inbox? Subscribe to Hospital Safety Insider!
By Melanie Blackman
The Department of Health and Human Services’ (HHS) Office of the Assistant Secretary for Preparedness & Response has issued updates regarding the Ryuk ransomware threat that has threatened the healthcare and public sectors since 2018.
The Department also shared ransomware insights and protection recommendations from the Cybersecurity & Infrastructure Security Agency (CISA).
“The hospital field faces a COVID-induced ‘cyber triple threat,’ ” said John Riggi, senior advisor for cybersecurity and risk for the American Hospital Association, in a statement.
Riggi outlined the threats:
- A rapid expansion of the ‘attack surface’ because of increased remote and network-connected technologies
- A rise in cyberattacks by criminals who are taking advantage of the expanded attack surface
- Reduced revenue for hospitals and health systems to bolster cyber defenses
“Cyber criminals have increasingly targeted healthcare facilities during the COVID-19 pandemic, and this attack underscores why cybersecurity will continue to be a top priority for the healthcare field during a time when our health information systems are becoming more interconnected.
“We are most concerned with ransomware attacks that have the potential to disrupt patient care operations and risk patient safety. We believe any cyberattack against a hospital or health system is a threat-to-life crime and should be responded to and pursued as such by the government,” Riggi said.
One health system that was recently attacked was Universal Health Services, Inc. UHS had to temporarily shut down user access to IT applications due to a malware cyberattack last weekend. BleepingComputer has reported the attack was done by the Ryuk ransomware, but UHS has not yet confirmed the source of the attack.
UHS says it is continuing to “safely and effectively” serve patients through “offline documentation methods.” Currently, the health system says there is no evidence that patient or employee data was compromised during the cyberattack.
Melanie Blackman is the strategy editor at HealthLeaders, a Simplify Compliance brand.
Want to receive articles like this one in your inbox? Subscribe to Hospital Safety Insider!
Related Products
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- The consequences of an incomplete medical record
- Practice the six rights of medication administration
- Note similarities and differences between HCPCS, CPT® codes
- Nursing responsibilities for managing pain
- Complications from immobility by body system
- Q&A: Primary, principal, and secondary diagnoses
- Skills of effective case managers
- Prevent dehydration with nursing interventions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Correctly bill ancillary bedside procedures in addition to the room rate
- The Cincinnati Pre-Hospital Stroke Scale
- Q: Will Medicare cover homecare services to residents of assisted living facilities (ALFs)?
- Q/A: Coding infusions to correct low potassium levels
- Q&A: Utilization Review Committee Membership
- OB services: Coding inside and outside of the package
- Know the medical gas cylinder storage requirements
- Intravenous therapy guidelines
- ICD-10-CM coma, stroke codes require more specific documentation
- Eight tips to improve MRI throughput
- Searched
-
- cold weather preparedness in hospital
- Nursing home administrator
- 72 hour supervised fasting
- 5.If the ICD10CM replaces ICD9CM Volumes 1 and
- anesthesia code for 45331
- Dynaper
- evidencebased competency management INVALIDem
- How to prevent hospitalacquired pressure ulcersinj
- INFECTION CONTROL
- language barriers