Ransomware Attacks on the Healthcare and Public Health Sector: A Message from the Secretary of Health and Human Services

The healthcare and public health sectors are vital to the health and security of the nation. These sectors are also increasingly becoming the target of cybersecurity attacks. These attacks include “ransomware,”  where an attacker gains access to an organization’s system, encrypts their data, and holds the information hostage until the organization agrees to pay. The MedStar Health System fell victim to an attack in March 2016, which forced them to shut down IT systems to several hospitals and outpatient centers in the Washington, D.C. area, and prevented the organization from accessing important patient records [1]. Other healthcare systems and hospitals in California, Kansas, Kentucky, and Indiana have also been victims of ransomware attacks in recent months [2].

Ransomware attacks create immediate disruption to daily activities, and in the case of the healthcare and public health sector, can challenge our ability to provide quality care for patients and the community, as well as imperil the security of patients’ financial and medical information. In response to this threat, the Secretary of Health and Human Services (HHS) released a letter and accompanying resources to educate and assist public health and healthcare organizations in protecting against and reporting these types of attacks to authorities.

It is critical that public health officials engage with their law enforcement and healthcare partners to understand the cybersecurity threats in their communities and what to do, should they fall victim to an attack. Local health departments are encouraged to share the Secretary’s letter and resources with other healthcare entities in their jurisdictions.

Listed below are some additional resources available to state and local public health related to cybersecurity:


[1] Source: The Washington Post and HealthCare IT News

[2] Source: CSO Online and HealthCare IT News

About Katie Dwyer

Katie Schemm Dwyer is a Director in NACCHO's Preparedness Division. Her work focuses on supporting local health departments strengthen public health preparedness systems through governance, coordination and liaison with federal preparedness organizations, policy, and program management.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.