Skip to main content

HHS Releases Update on Ryuk Ransomware Threat

Analysis  |  By Melanie Blackman  
   September 30, 2020

The department is urging healthcare and public sectors to take steps to actively reduce cyberattack risks.

The Department of Health and Human Services' (HHS) Office of the Assistant Secretary for Preparedness & Response has issued updates regarding the Ryuk ransomware threat that has threatened the healthcare and public sectors since 2018.

The Department also shared ransomware insights and protection recommendations from the Cybersecurity & Infrastructure Security Agency (CISA).

"The hospital field faces a COVID-induced 'cyber triple threat,' " said John Riggi, senior advisor for cybersecurity and risk for the American Hospital Association, in a statement.

Riggi outlined the threats:

  1. A rapid expansion of the 'attack surface' because of increased remote and network-connected technologies
  2. A rise in cyberattacks by criminals who are taking advantage of the expanded attack surface
  3. Reduced revenue for hospitals and health systems to bolster cyber defenses


"Cyber criminals have increasingly targeted healthcare facilities during the COVID-19 pandemic, and this attack underscores why cybersecurity will continue to be a top priority for the healthcare field during a time when our health information systems are becoming more interconnected.

"We are most concerned with ransomware attacks that have the potential to disrupt patient care operations and risk patient safety. We believe any cyberattack against a hospital or health system is a threat-to-life crime and should be responded to and pursued as such by the government," Riggi said.

One health system that was recently attacked was Universal Health Services, Inc. UHS had to temporarily shut down user access to IT applications due to a malware cyberattack last weekend. BleepingComputer has reported the attack was done by the Ryuk ransomware, but UHS has not yet confirmed the source of the attack.

UHS says it is continuing to "safely and effectively" serve patients through "offline documentation methods." Currently, the health system says there is no evidence that patient or employee data was compromised during the cyberattack.

Related: HIPAA Business Associate Pays $2.3M to Settle Breach Affecting More Than 6M

Related: Strategies for Hospitals to Stay 'Cybersafe' During a Pandemic

Melanie Blackman is a contributing editor for strategy, marketing, and human resources at HealthLeaders, an HCPro brand.

Get the latest on healthcare leadership in your inbox.