What should you do?

Experiencing an active cyberattack?

If your hospital or healthcare provider is currently under attack, Sophos Rapid Response can help immediately, whether you’re a Sophos customer or not.

Delivered by an expert team of incident responders, Sophos Rapid Response provides lightning-fast assistance, identifying and neutralizing active threats against organizations. Onboarding starts within hours, and most customers are triaged within 48 hours. Rapid Response is an industry-first, fixed-fee remote incident response service that identifies and neutralizes active cybersecurity attacks throughout its entire 45-day term of engagement.

Please contact Sophos customer support and inform the representative that you are experiencing an active incident and are interested in the Rapid Response service.

Toll Free: 1-888-SOPHOS-9 (1-888-767-4679)
International: 1-781-494-5800
Local contact information is also available by selecting your region in the “For Critical Cases” orange box on the support page.

Advice for existing Intercept X customers

If you’re an existing Sophos Intercept X customer, ensure that Intercept X is deployed and up to date on every endpoint you’d like to protect – including servers. And while Intercept X is designed to stop targeted ransomware and other advanced attacks, pay close attention to all Sophos Central alerts that surface, and be on the lookout for persistent adversaries who will continue to try and breach your organization. Intercept X Advanced with EDR customers should leverage its powerful threat hunting and investigation capabilities that allow you to ask detailed questions so you can hunt for active adversaries and respond to advanced threats across your entire estate.

Get help from human experts

These days ransomware can be the end of a very long attack cycle where attackers may have already been on systems searching for valuable data to steal. Security tools work best in combination with human expertise - leveraging your security analysts to hunt for suspicious indicators and prevent a potential issue. Not all organizations have these skilled resources, so if you need additional assistance from human experts, we’re here to help with our Sophos Managed Threat Response (MTR) service. Sophos MTR provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service. Going beyond simply notifying you of attacks or suspicious behaviors, the Sophos MTR team takes targeted actions on your behalf to neutralize even the most sophisticated and complex threats, including Ryuk and other ransomware families.

Add Sophos ransomware protection

If you’re not currently a Sophos endpoint customer, you can leverage the advanced protection found in Intercept X free for 30 days, including Sophos’ leading anti-ransomware technologies. The free trial also features our endpoint detection and response (EDR) capabilities, designed to help maintain IT security operations hygiene and hunt down stealthy threats.

Other resources

FBI “ransomware warning” for healthcare is a warning for everyone!

Get the Naked Security perspective on the FBI's healthcare ransomware warning.

Healthcare ransomware guide

This article outlines five critical steps that healthcare organizations can take to stop targeted ransomware attacks. Learn about maintaining IT hygiene, educating your users, minimizing lateral movement, and more.