Interactive Counsel

Arent Fox's interactive media law blog - latest news and trends in advertising, data security & privacy, and IP.

Interactive Counsel

Our Allies Under Attack! Ransomware Hits the Brits and Quickly Spreading Across Globe – Batten Down the Hatches NOW


Our Allies Under Attack! Ransomware Hits the Brits and Quickly Spreading Across Globe – Batten Down the Hatches NOW

What’s New?

Last week, numerous hospitals operated by Britain’s National Health Service (NHS) suffered a ransomware event in which hospital computer systems were encrypted, phone lines became inoperable, patients were diverted, and a Bitcoin ransom was demanded. Hospitals across Britain shut down their computer systems in order to protect patient data and prevent further spread and advised people to stay home unless there was an emergency. NHS Digital, Britain’s national hospital cybersecurity overseer, stated that 16 NHS organizations across Britain had reported an incident, but that the attack did not appear to be specifically targeting NHS hospitals. At this time, there is no indication that the ransomware has exfiltrated any personal data from the NHS.

The ransomware affecting the NHS  - known as WannaCry - exploits a flaw in Microsoft software. Although Microsoft released  patch  in March fixing the flaw, the patch has been applied inconsistently, leaving many organizations and individuals vulnerable. WannaCry appears to be spreading across Europe and the globe at a rapid pace. A number of Spanish companies have been significantly impacted by WannaCry, leading Spain to activate a special protocol to safeguard its critical infrastructure. Many commentators think WannaCry could be “the big one” that ransomware experts have been predicting for some time.

Why Should You Care?

Hospitals and other healthcare organizations have increasingly been targetedwith ransomware due to the value of electronic protected health information and the increasingly digital nature of healthcare. The scope of this ransomware attack, however, is unprecedented. Healthcare providers and other organizations should immediately conduct a risk analysis to determine their susceptibility to the WannaCry ransomware and take urgent steps to safeguard against this and other ransomware.

The Office of Civil Rights and the Federal Trade Commission have issued guidance on ransomware, which should be carefully considered by covered entities and their business associates. Healthcare organizations need to be vigilant in their cybersecurity practices to safeguard their systems and patient data, while staying operational during cyber threats.

What’s the Takeaway?

Healthcare organizations should take immediate steps to patch Microsoft vulnerabilities causing the spread of WannaCry. Prompt steps should also be taken to review cybersecurity plans, including performing an updated risk analysis and implementing recovery plans to prepare for a possible ransomware event. Failure to adequately protect electronic protected health information can expose covered entities and business associates to significant liability under HIPAA and state privacy and data security laws. As we have discussed before, best practices for organizations looking to keep their computer systems safe from ransomware include implementing strong security measures, training their workforce, and performing consistent backups.

Arent Fox’s Privacy, Cybersecurity & Data Protection and Health Care groups monitor ransomware issues and other developments in health information privacy and security.

If you have any questions or need assistance on the topic covered here, please contact Sarah Bruno in our San Francisco office; Douglas Grimm or Sam Cohen in our Washington, DC office; Thomas Jeffry, Jr. in our Los Angeles office; Jill Steinberg in our New York office; or the Arent Fox professional who routinely handles your matters.


Add this blog to your RSS feed reader.

Arent Fox In Your Inbox
To subscribe to Arent Fox Alerts and other news, click here.


Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.