Ransomware remains top of mind for healthcare organizations, and HHS is helping hospitals and health systems defend against such threats with a new guidance.
"The security of our healthcare systems is a shared responsibility," reads a letter from HHS Secretary Sylvia Burwell that accompanies the guidance. "We are here to support and assist as appropriate and to help you connect with resources across government to keep your business secure."
The letter indicates ransomware is not only a concern for CIOs. "This is a major threat to all aspects of your business," it reads.
The guidance outlines what ransomware is, how organizations can protect networks from ransomware and how to respond to a ransomware attack. HHS does not encourage organizations to pay a ransom, saying paying the ransom doesn't guarantee an organization will regain access to data, hackers may target organizations that pay ransom again and paying could encourage hackers to continue such attacks.
However, the guidance acknowledges many factors must be considered if a hospital is hit with ransomware to determine whether it should pay. "After systems have been compromised, whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees and customers," according to the guidance.
Click here to access the full guidance.
More articles on ransomware:
Why Crysis is healthcare's most threatening ransomware yet
12 latest healthcare data breaches
Ransomware: The new reality of cybercrime