The latest round of ransomware attacks is here and the Department of Health & Human Services (HHS) has indicated the health care and public health sectors may be adversely affected. In its June 27 alert bulletin, the HHS Office for Civil Rights provided guidance for mitigating the ransomware threat and how to respond if victimized.

To mitigate risks, educate your system users about common phishing tactics so they are less likely to access malicious attachments and links. Also, employ appropriate technological safeguards, such as the latest security patches, blocking tools and anti‑virus products.

If you do find yourself victimized by a ransomware attack, suggested steps include:

            1.     Contact the FBI Field Office Cyber Task Force or U.S. Secret Service Electronic Crimes Task Force to report the attack and request assistance.
            2.     Report incidents to US-CERT (US Computer Emergency Readiness Team) and the FBI’s Internet Crime Complaint Center.
            3.     If medical devices are affected by the attack, contact the FDA’s emergency line at 1-866-300-4374.
            4.     You can also report health care-specific issues to the HHS Cybersecurity and Communications Integration Center at HCCIC@hhs.gov.