Healthcare Targeted Ransomware

Federal agencies have issued an unprecedented warning against “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

The joint cybersecurity advisory comes from the Cybersecurity Infrastructure and Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS).

What should you do?


Experiencing an active cyberattack?

If your hospital or healthcare provider is currently under attackSophos Rapid Response can help immediately, whether you’re a Sophos customer or not.

Delivered by an expert team of incident responders, Sophos Rapid Response provides lightning-fast assistance, identifying and neutralizing active threats against organizations. Onboarding starts within hours, and most customers are triaged within 48 hours. Rapid Response is an industry-first, fixed-fee remote incident response service that identifies and neutralizes active cybersecurity attacks throughout its entire 45-day term of engagement.

Experiencing an active incident and are interested in the Rapid Response service?
Call your regional number below at any time to speak with one of our Incident Advisors.

USA: +1 4087461064
Australia: +61 272084454
Canada: +1 7785897255
France: +33 186539880
Germany: +49 61171186766
United Kingdom: +44 1235635329

Get Immediate Help

Advice for existing Intercept X customers

If you’re an existing Sophos Intercept X customer, ensure that Intercept X is deployed and up to date on every endpoint you’d like to protect – including servers. And while Intercept X is designed to stop targeted ransomware and other advanced attacks, pay close attention to all Sophos Central alerts that surface, and be on the lookout for persistent adversaries who will continue to try and breach your organization. Intercept X Advanced with EDR customers should leverage its powerful threat hunting and investigation capabilities that allow you to ask detailed questions so you can hunt for active adversaries and respond to advanced threats across your entire estate.

Cube team

Get help from human experts

These days ransomware can be the end of a very long attack cycle where attackers may have already been on systems searching for valuable data to steal. Security tools work best in combination with human expertise - leveraging your security analysts to hunt for suspicious indicators and prevent a potential issue. Not all organizations have these skilled resources, so if you need additional assistance from human experts, we’re here to help with our Sophos Managed Detection and Response (MDR) service. Sophos MDR provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service. Going beyond simply notifying you of attacks or suspicious behaviors, the Sophos MDR team takes targeted actions on your behalf to neutralize even the most sophisticated and complex threats, including Ryuk and other ransomware families.

Learn More

“Sophos Rapid Response takes immediate action to extinguish the fire, which in the case of a hospital that we helped this month after it was hit by Ryuk ransomware and forced to shut down, meant the difference between life or death.”
Peter Mackenzie, Incident Response Manager, Sophos
“Sophos is working 24 hours a day, so I don’t have to.”
Joshua Dostie, Senior Information Systems Security Specialist, MaineGeneral Health
“Having Sophos here is like having an additional security operations center (SOC) under our control because it’s doing so much of the work for us.”
Joshua Dostie, Senior Information Systems Security Specialist, MaineGeneral Health
“The good news is that Sophos never fails to protect us. It stops everything malicious and provides us with alerts, so we can respond quickly – and to me, that’s worth its weight in gold.”
Cliff Hogan, CIO, D4C Dental Brands
“Sophos has set the bar for security. Its products integrate seamlessly to better service a company’s whole environment.”
Wil Craig, Head of IT, HydraFacial

Add Sophos ransomware protection

If you’re not currently a Sophos endpoint customer, you can leverage the advanced protection found in Intercept X free for 30 days, including Sophos’ leading anti-ransomware technologies. The free trial also features our endpoint detection and response (EDR) capabilities, designed to help maintain IT security operations hygiene and hunt down stealthy threats.

Learn MoreFree Trial

FBI “ransomware warning” for healthcare is a warning for everyone!

Get the Naked Security perspective on the FBI's healthcare ransomware warning.

Read More


Healthcare ransomware guide

This article outlines five critical steps that healthcare organizations can take to stop targeted ransomware attacks. Learn about maintaining IT hygiene, educating your users, minimizing lateral movement, and more.

Read More