Preventing and recovering from ransomware

Ransomware is a type of malicious software that denies access to computer files and demands that affected organisations make a payment to regain access to their information. A ransomware attack on a healthcare provider can cause significant reputational damage, financial loss and flow-on impacts to patient safety.

Ransomware attacks in healthcare are continuing at an alarming rate. The well-known WannaCry ransomware attack in May 2017 affected 81 healthcare organisations, 595 general practices, five hospital emergency departments and 1,220 medical devices used by the National Health Service in the United Kingdom.

To help you to reduce the risk of experiencing a similar incident, the Agency has prepared two briefing papers for:

  1. Senior Managers – outlining four key points to ensure your organisation is prepared to respond to ransomware attacks
  2. IT Professionals – detailing the technical controls and recovery activities that will assist in mitigating the impact of a ransomware attack.

You may also wish to read guidance about:

  • patch management, which is important for reducing the likelihood of a ransomware attack
  • backups, as a robust backup regime is essential to recovering from a ransomware attack.

For additional information security guidance see: