Ransomware Guidance For Health Centers


Ransomware is a type of malware that takes control of a computer or computer system by encrypting all the data on the drive. The data is then held for ransom until a predetermined cost is paid. Because payment is made in cryptocurrencies (e.g., bitcoin), it is difficult to track those demanding the ransom, which makes them tough to prosecute.

Problem Statement

A rapid increase in the computerization of health care organizations, many without the capacity to keep up to date with the extensive privacy and security measures required, has made them targets for cyber-criminals. In the last couple of years there have been numerous ransomware attacks that have held critical hospital data at ransom.

Health Centers may be perceived as more vulnerable targets by cyber-criminals due to a potentially smaller IT staff and older IT infrastructure (e.g., operating systems without the latest security updates).

Examples in the News

Massive Locky ransomware attacks hit U.S. hospitals


Security report - Nearly 90 percent of ransomware attacks target healthcare


Virginia dermatologist hit by ransomware attack, records for 13,000 patients seized


Ransomware Transmission

  • E-mails posing as legitimate business or tempting links
  • Trojans acting as update requests
  • Anti-virus program patches and updates
  • Windows system updates
  • False “You’ve got a virus” notifications
  • Gaining access by exploiting known network or security software vulnerabilities

Ransomware Use Cases

Ransomware Alert and Guidance for Health Centers

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have announced an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.  
CISA, FBI, and HHS have released AA20-302A Ransomware Activity Targeting the Healthcare and Public Health Sector that details both the threat and practices that healthcare organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The advisory references the joint CISA MS-ISAC Ransomware Guide that provides a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans. 

It has been noted that hackers are using Ryuk ransomware — malicious software used to encrypt data and keep it locked up — and the Trickbot network of infected computers to steal data, disrupt health care services and extort money from health care facilities. Such data hijacking often cripples online systems, forcing many to pay up to millions of dollars to restore their services.

Find links and further documentation below

Turn the Lights on Ransomware

This YouTube video provides an exciting ransomware re-enactment that helps explain how a ransomware incident occurs, common mistakes, and methods for mitigation. It also includes a link to a Ransomware Readiness Assessment by the security vendor Trend Micro.


Ransomware Response Tactics



  • Ransom demands continue to grow as ransomware methods become more sophisticated.
  • Outside of the ransom, the cost due to downtime, recovery, and security maintenance can be considerable.


  • Privacy and security negligence may constitute legal ramifications based on state and federal policies and regulations (e.g. HIPAA).
  • Personal lawsuits may be leveled if there is perceived harm


  • Ransomware events have become a hot topic and speak poorly of the victims regardless of the exact circumstances.
  • Patients may be hesitant to initiate care, or may reconsider it, if they perceive that a provider is unsafe with their health data

Primary Prevention Methods

Employee Security Training and Awareness

  • Educate staff on what ransomware is and common traps they might experience
    • Instill email and website suspicion. Help staff know what to look for and what to do if they find something suspicious
    • Teach staff to not click on any links or files un-related to work and inform them of the possible consequences of these types of actions
    • Test and educate: Send a false email with a traceable link


  • Confirm that backup routines are actively deployed
  • Confirm that backups can be effectively restored

Anti-Virus Programs

  • Scan both inbound and outbound emails regularly
  • Authenticate inbound emails

Firewalls & Network Access Control

  • Block access to known malicious IP addresses. Many are well documented.
  • Provide concise configurations for access to files, directories and networks


The following provides a preliminary list of videos with examples of how to conduct specific types of ransomware removal: https://www.youtube.com/playlist?list=PL302CE7037FD86F7B

Depending on your vendor, as a preventive measure, you should request direct advisement on the processes required for removal of commonly known ransomware.

Further Ransomware Resources


Ransomware Prevention & Mitigation Tools

Encrypting Data at Rest on Servers

It is common practice today to encrypt data at rest, that is, data stored on servers. This is especially applicable to health centers who are less frequently actively transporting data across disparate networks. Like many smaller healthcare organizations, Health Centers are particularly vulnerable to potential attack and infiltration by data hackers for several reasons: they tend to have fewer technical support staff, resource limitations make it harder to assess, implement, and maintain safe data practices, and organizational inertia limits preventive action when no threat is perceived. 

Strategic Cybersecurity Investments: Leveraging American Rescue Plan Funding to Enhance Infrastructure and Services

Healthcare continues to be the sector most targeted globally by ransomware and related malware attacks and leads in the average total cost of data breach across industries. The FY 2021 American Rescue Plan Funding provides an excellent opportunity for Health Centers to make strategic investments in cybersecurity infrastructure and services. This HITEQ Highlight, presented by Adam Kehler of Online Business Systems, provides an overview of assets that can increase Health Center cybersecurity. Topics covered include cybersecurity infrastructure and services that can increase defense-in-depth for health IT, including EHRs, telehealth tools and services, mobile medical devices, patient portals, and related health information software applications.

Note: You can view our American Rescue Plan: Budget Your Cybersecurity Investments guidance document in the Documents to Download section below. An accessible version of the handout is also available in the Documents to Download section.



This resource collection was cultivated and developed by the HITEQ team with valuable suggestions and contributions from HITEQ Project collaborators.
