The U.S. Department of Health and Human Services (HHS) is cautioning providers that it is aware of two large, multistate hospital systems that are continuing to face significant challenges to operations because of the WannaCry malware.

This is not a new WannaCry attack, but rather an effect of the virus remaining on a machine even after the machine's Windows software is patched and anti-virus software has been run. Those two activities block the virus from executing its encryption stage. However, the virus may still disrupt Windows operating systems in varying ways. For example, it may cause the device to reboot or display a "blue screen." HHS states that the virus will not spread from a machine where it still exists to a patched machine.

HHS also released new emergency contact information for the U.S. Food and Drug Administration (FDA) in the event that a practice experiences a suspected cyberattack affecting medical devices: (866) 300-4374. Reports of impact on multiple devices should be aggregated at a system/facility level.

Finally, the HHS Office of Civil Rights has released an infographic and quick-response checklist to explain the steps a covered entity should take in response to a cyber-related security incident. It notes that covered entities must presume protected health information that is improperly accessed, acquired, used or disclosed at the time of a cyber-related security incident is a breach unless:

• The information was encrypted by the covered entity at the time of the incident. 
• The entity determines through a written risk assessment that there was a low probability that the information was compromised during the breach.