Skip to Main Content
Don't have an account? Create Account
Don't have an account? Create Account

HHS Shares IT Security Resources Amid Ransomware Attacks

In the wake of an ongoing international ransomware attack that hit health care organizations across the United Kingdom, the Department of Health and Human Services (HHS) shared guidance about how health care organizations in the United States can protect themselves against this cyber threat.

The U.S. Computer Emergency Readiness Team defines ransomware as a type of malware that infects computers and restricts access to files until a ransom is paid. Malware often is spread through attachments and links in phishing emails, which masquerade as emails from a familiar source. Hackers recently have used remote desktop protocol (RDP) servers that are open to the internet to log into users’ systems.

To protect against ransomware, HHS urges internet users to:

  • only open email from people you know and from whom you are expecting to receive mail;
  • avoid clicking links in emails that were not expected;
  • keep computers and antivirus software up to date; and
  • disable RDP if possible or only allow network access where needed.

Victims of ransomware should contact law enforcement immediately and report cyber incidents to the U.S. Computer Emergency Readiness Team (US-CERT) and Federal Bureau of Investigation’s (FBI’s) Internet Crime Complaint Center.

HHS is working to secure its systems and coordinate with the Department of Homeland Security and FBI. HHS requests that organizations contact the department at if patient care or supply chain distribution are effected by ransomware.

More information on ransomware is available in an HHS ransomware fact sheet and on the US-CERT website, which will be updated regularly.

Contact Director of Policy Erin O’Malley at or 202.585.0127 with questions.


About the Author

Emily Schweich is a communications manager at America's Essential Hospitals.

Previous Next
Test Caption
Test Description goes like this