England's National Health Service, others report ransomware attacks

Hospitals and other clinical services in England’s National Health Service today reported a ransomware attack, a type of cyberattack in which the actors demand the payment of ransom to regain access to a victim’s data. “This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors,” NHS Digital, the information technology arm of the service, said in a statement. “At this stage we do not have any evidence that patient data has been accessed. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organizations and ensure patient safety is protected. Our focus is on supporting organizations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.” According to press reports, ransomware attacks also were reported today by companies and organizations in dozens of other countries. For more on the United Kingdom incident, see the Daily Security Intelligence Report from the U.S. National Health Information Sharing and Analysis Center, available to AHA members at www.aha.org/cybersecurity. While there is no guidance specific to this attack at this time, the Department of Health and Human Services’ Office of the Assistant Secretary for Preparedness and Response is urging hospitals to “continue to exercise cyber security best practices – particularly with respect to email.” Microsoft provided an update that will patch this vulnerability in March. AHA urges hospitals to review the Federal Bureau of Investigation’s guidance on malware and continue to monitor news reports as additional details of the ongoing attack unfold.