Guidance on Potential Ransomware Attacks on US Hospitals


We hope you have read about the reporting on potential ransomware attacks on US hospitals and perhaps other health care providers. If you have not, please review this guidance from the government agencies involved in this investigating this set of attacks. 

Obviously, ensuring that your systems are aggressively protected and monitored in this immediate time frame is of particular importance. You also should consider whether to review your existing backup systems or other alternative means of accessing your critical medical information in advance of an attack (rather than waiting). In addition, please consider the following steps over the course of this situation. 

  • Contact law enforcement if you are attacked – the FBI is involved in these investigations.
  • Pay careful attention to internal efforts to protect your systems and obtain access to this information. This should include consideration of privilege issues in relation to future litigation and/or investigations. 
  • Evaluate the impact of any attacks in terms of generating notices to patients or others, as required by HIPAA and/or state law. Ransomware attacks create particularly complicated questions in connection with breach notification obligations.
  • Implement your incident response plan thoughtfully and efficiently – and make sure that you revise it going forward to incorporate any lessons learned
  • During the event and following it, ensure that you are reviewing what happened and how your systems and policies can be improved. HHS in particular pays close attention to these remediation and improvement efforts when it is conducting investigations under the HIPAA rules. 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© WilmerHale | Attorney Advertising

Written by:


WilmerHale on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.