Research Paper on Malware
Abstract
This research paper investigates cybersecurity challenges in the healthcare sector, focusing specifically on the statistical impact of malware on people. The study addresses the complexity introduced by technological progress in healthcare and its relationship to cybersecurity awareness, which protects people’s private personal information as well as the hospital’s reputation. Ransomware, which makes up 88% of attacks, often takes advantage of employees’ access to entry points into the healthcare computer system. This emphasizes the importance of cybersecurity training in every field where a computer system is involved. Phishing attacks are a significant threat, which this paper will also cover in detail. While patient deaths due to cyberattacks are rare, the financial motivations behind such attacks are high. Government regulations, while well intentioned, do not offer enough protection. The research calls for further study, emphasizing the importance of real-world ransomware analysis and proactive malware prevention as a preferred solution to this critical cybersecurity issue in the healthcare sector.
Research Strategies
It’s important to understand why this problem, data breaches in healthcare, came into existence in the first place. Since this paper focuses solely on attacks within the United States, it’s important to first find whether U.S. government regulations are “fair” in terms of protecting individuals’ privacy and punishing healthcare institutions and attackers who don’t take this privacy seriously. Another question raised at the start of the research was whether there is an upward trend in cyber attacks on healthcare, and if so, what is causing it. This question created an issue, since it was later discovered that the government created laws protecting healthcare institutions from disclosing breaches. Another critical question was whether hospitals are ready to join the digital world and digitize patient records. Perhaps the move towards EHR (Electronic Health Records) came too early. This type of question is critical since data breaches take advantage of patient records being electronic and stored on computer systems. Finally, it’s important to find the impact of these attacks on people and whether any financial or physical suffering took place. To begin, research strategies were needed for finding reputable sources in Google Scholar and the National Library of Medicine. As with any research paper, peer-reviewed sources are critical to building up evidence and presenting it to the reader. The sources collected address different aspects of ransomware and data breaches in healthcare, ranging from understanding the nature of attacks to measurement of real-world examples. This paper will give a well-rounded perspective on breaches in hospitals. The main themes of these sources are how healthcare is the prime target of cyber attacks and how ransomware is the main type of malware in those attacks.
This allows the research in this paper to shift away from the keyword “malware” to the more specific keyword “ransomware”, which will make the paper more detailed on the impact of the attacks on society as a whole. These sources also showed a focus on data security and privacy and on how some attacks led to medical records being compromised and even used in identity theft crimes. The sources also go into how the operations of these medical facilities can be compromised, which leads to delayed medical care. They also describe the evolving tactics of cyber criminals and the techniques used to gain access to these computer systems. This raises the question of whether law enforcement investigators can keep up with the crime and build protections fast enough. The information gained from this research allows for a brief analysis of how healthcare facilities can properly defend themselves, which serves the public interest. In summary, the literature on ransomware and data breaches in healthcare represents the challenges and risks faced by healthcare institutions. The examples given by these sources show that the challenges lie in data security, patient privacy, operational disruptions, and evolving cybercriminal tactics. With this in mind, the paper will go over each of these challenges in detail.
Introduction
This paper will explore ransomware and data breaches and investigate how these lead to compromises in data security, operations, and the reputation of healthcare institutions in America, identifying possible effective countermeasures to protect both personal and hospital interests. The problem of ransomware in today’s society is that it leads to data breaches and financial losses. Healthcare is the main topic since it is the biggest target of ransomware today. Ever since the world began moving away from paper records, cybercriminals have focused on healthcare because it is an easy target and the information stored is valuable on the black market. This move away from paper records is due to something called EHR. Electronic health records are a type of documentation used in hospitals for keeping up to date with patient information. However, a common downside is the amount of data contained in them. Data breaches in the U.S. healthcare industry will be the heart of the research in this paper. An initial prediction, made before any research was started, was that data breaches or cyber-attacks on U.S. healthcare institutions have a statistical impact on the health or injury rates of people in hospitals. As stated by a writer for Maturitas, a peer-reviewed scientific journal, “Breaches can reduce patient trust, cripple health systems and threaten human life” (Coventry, 2018). A threat to human life makes cyber-attacks a compelling topic to write about. A crippling of health systems is frightening for those who are most vulnerable, and the most vulnerable are certainly found in hospitals. This creates an incentive to explore further the details of attacks in healthcare institutions that are not seen on paper. This paper was inspired by the many sides to this topic, with differing opinions on the subject matter.
This paper aims to critically analyze the evidence presented by both sides and present it to the audience so that they can decide for themselves whether U.S. healthcare institutions are at fault for cyber attacks that result in possible death, described by Lynne Coventry as the worst-case scenario, or in financial loss for those impacted. It is also critical to analyze the motives for these attacks and whether the government should be held accountable for them. By looking into how malware can compromise data security, disrupt operations, and tarnish reputations, this study will show the impact of attacks on personal and healthcare institutions’ interests in the digital world created by evolving technology.
Malware Attacks and Data Breaches in Healthcare
Data breaches can be the worst thing a hospital can experience. A data breach is defined by the US Department of Health and Human Services as the “intentional or non-intentional use or disclosure of confidential health information” (Choi, 2021). For the hospital, this leads to financial and reputational loss, and potentially to physical harm as well, as was initially predicted. The COVID-19 crisis brought an increased workload with a larger focus on patient care, along with an increase in remote work. This made it harder for hospitals to detect data breaches promptly, since they faced many new challenges they had not faced before. On the topic of remote work making a data breach harder to detect, it takes “organizations 197 days to identify a data breach and 69 days to contain it, on average [6]. That amount of time to detect a data breach is considered long and costs organizations millions of dollars” (Alkinoon, 2021). When hospitals take nearly 200 days to find out about a data breach and then about 70 days to deal with it, it’s a big problem for both the hospitals and the people they serve. For patients, it means their private info is exposed for a long time, making them more likely to be victims of identity theft or other scams. For hospitals, it’s not just about losing money. It is also about losing the trust of the people they’re supposed to take care of. This slow response time gives the hackers more opportunities to sell a patient’s info or further compromise it. It’s valid to ask how malware affects society and whether proper protections are in place to protect a person’s privacy. It’s important to first go over the number of data breaches in U.S. healthcare to analyze whether this is a critical subject to dig into. Before that, it is important to answer the question of the difference between a malware attack and a data breach in healthcare.
Malware attacks involve the deployment of malicious software, such as ransomware, with the attacker’s primary goal being to infiltrate a network. Malware can infect computers and medical devices, which disrupts operations and causes financial harm. These types of attacks are often initiated with the intent to exploit vulnerabilities, and in many cases they come through phishing, which will be explored later on. They can also lead to the extraction of sensitive patient information or to ransom demands. A data breach in the healthcare sector refers to unauthorized access to and disclosure of sensitive patient information. This usually cannot be done without involving malware. While malware attacks can lead to data breaches, not all data breaches result from malware. As shown later, most breaches occur due to human error rather than misconfigured security settings. With that out of the way, it’s time to dig into the trend of attacks on healthcare. An attack on Johns Hopkins surgical residency at a trauma center led to health information systems being offline for 2 months. A study of those residents was carried out by Jane Zhao, Evan Kessler, and others who write about healthcare. Their conclusion was “significant stress upon surgical residents providing trauma patient care and made attending surgeons make greater efforts to be more effective teachers” (Jane Zhao, 2018). When surgical residents are under significant stress, especially while providing trauma patient care, it creates a tough situation for everyone involved. The stress in this case comes from hospital systems being offline for two months, adding an extra layer of difficulty to an already extremely difficult job. The long downtime not only disrupts the usual flow of hospital operations but also puts a strain on the teaching and learning environment, as learned from Zhao. Attendings, already dealing with the challenges of trauma patient care, are now tasked with navigating through system failures.
In this scenario, the need for effective teaching becomes even more crucial. Overall, this downtime not only impacts patient care but also contributes to a complex and challenging environment for both learners and educators in the surgical setting. Moving on to 2021, an unknown vendor for Radiation Oncology suffered a ransomware attack. This vendor had information on “patient dose records for 6 locations” (Amy Harrison, 2022). The significant impact was “No patients were treated in the first 24 hours of the attack” (Amy Harrison, 2022). A situation where no patients were treated in the first 24 hours of a cyberattack on a radiation oncology system is serious. First, it reflects a direct impact on patient care. Second, radiation oncology is a critical component of cancer treatment, and any interruption in providing scheduled therapies can have immediate and potentially serious consequences for patients. The fact that a cyberattack could halt patient treatments for a significant period raises concerns about the strength and security of critical medical infrastructure. It was also discovered that their RVS (record and verify system, which serves as quality assurance), the system that stores patient dose records, was not fully functional for a total of 4.5 weeks. This type of attack should be a concern for any patient receiving high dosages of medicine whose records are later lost. A rather disappointing fact is that what this vendor admitted it learned from the attack was to create a “backup of essential information” (Amy Harrison, 2022). Any practicing cyber or IT professional could have explained this to the vendor if hired. With this specific attack covered, it’s also important to look at a dataset. Kim, who published Information Security Applications, claimed there were “769 incidents containing a loss of data regarding their effect on availability, representing 90% of the total incidents” (Kim, 2021).
This was based on a study solely from 2021 that used a dataset called VERIS. Kim further stated from their research that “1,045 out of total data 1,937 incidents had information disclosure, representing 54% of the total incidents, 882 had a potential information disclosure, representing 46%, while only two incidents that had no information disclosure at all and eight incidents are unknown” (Kim, 2021). The data provided by Kim suggests that these incidents may have posed a risk to data security, although actual exposure may not have occurred. Kim’s studies also found that ransomware and phishing were prominent threats, with stolen credentials being a significant component of the cybercriminal actions. The most common way these types of incidents were caused was through email. This type of attack is called phishing. On the topic of email attacks, “in 2018, a phishing incident at Baylor Medical in Texas resulted in the exposure of personal data belonging to 47,000 patients” (Wasserman, 2022). The biggest impact of this leak on patients was the exposure of each patient’s full name, phone number, and home address. This is very unfortunate, since most people would feel unsafe having their home address leaked to the world permanently with their full name attached for anyone to see. Other data breaches occurred: “In November 2017, 107,000 healthcare records were exposed from data breaches, and 340,000 records were exposed in December 2017” (Muller, 2021). This terrible case happened only in Florida, at a gynecology facility. The result of this attack for the patients was lost blood data logs, including sugar and pressure levels. Some of these logs were completely lost due to the attack. It mostly came down to staff scanning paper documents that became irrecoverable. This was a ransomware attack. This paper will go through more of these types of attacks and the consequences people suffer from them later on.
More On VERIS Dataset
VERIS stands for the Vocabulary for Event Recording and Incident Sharing database. It is used here to analyze data breaches in the healthcare sector only. It describes security incidents and provides an open-source database so that healthcare organizations can share their mistakes and improve their risk management. It was established by a nonprofit community, and Verizon was the one that launched it. Overall, VERIS organizes all data breaches, in this case for the healthcare sector. “Contrary to the common belief that the number of attacks is increasing, the VERIS database found that the number of breaches has been decreasing since 2013, per VERIS reporting” (Verizon, 2023) on the healthcare industry. The international security conference that records incidents over each year did get progressively worse. If an organization can detect a “data breach incident in less than 30 days from the date it happened can save up to $1 million” (Verizon, 2023). It’s also important to mention that it can take up to 21 years to find 100% of the patients impacted by a data breach. The VERIS dataset shows that out of 1937 incidents, 1045 had information disclosure. Only 2 of the healthcare sector breaches had no data loss. Other information collected from this dataset was “payment information which had 61 incidents, representing 3% of the dataset. Other targeted information include unknown (44; 2%), banking (33; 2%), credentials (23; 1%), and others (18; 1%)” (Verizon, 2023). Most of these data breaches were the result of poor security. In fact, “36% of the data was stored unencrypted, 30% stored, 25% unknown, 3% printed, 2% transmitted unencrypted, and 4% with other attributes.” (Choi, 2021). Study of the VERIS dataset revealed that ransomware is the predominant malware threat to hospitals, constituting 82% of incidents, with phishing accounting for 69% of social threat actions.
Stolen credentials were responsible for 80% of the attacks on hospitals. Careless errors made by staff accounted for 92% of attacks. Additionally, privilege abuse accounted for 59% of threat actions in the misuse category, and email and web applications were prominent vectors across various threat categories, indicating the shift of valuable data to the cloud. In summary, ransomware and phishing are major cybersecurity threats, while stolen credentials and errors are significant vulnerabilities. Email and web application vectors are critical in most threat categories, reflecting the migration of data to the cloud.
Best Further Practices and Measurement of Failures
As part of this research paper, it is important to provide insights into the strategies and best practices for preventing cyber threats, especially in the healthcare industry. This source provides useful insights into the percentage of healthcare facilities being attacked. About “94% of healthcare organizations have experienced at least one of these types of cyber-attacks” (Williams, 2015). Slayton and this paper have pointed out multiple times that data is profitable for anyone who gets their hands on it. In fact, “An EHR, for instance, is worth between 10 and 100 times more than credit card information in the black market” (Slayton, 2018). Lastly, even very credible healthcare centers are being hacked, such as Kaleida Health, which was compromised through a simple spear phishing tactic by the cyber criminal. Spear phishing is a deceptive, highly targeted email that may appear to be from someone you know; its goal is to request information from people who can obtain it easily. This happened twice in 2017 at Kaleida Health, and over 3000 patient records were compromised. This shows that the center did not learn from the previous attack, which goes to show how much basic cyber security knowledge is needed by any practicing professional. One recommendation from this source for improving security in healthcare is blockchain technology. Other basic approaches are as simple as risk management. However, there is a compelling argument against risk management when it comes to phishing, which is covered later. In short, training employees not to click on phishing emails is not as effective as it may seem.
Possible Malware Complexity
As mentioned earlier, the goal of this paper is to help the audience understand ransomware’s impact on society. To understand the impact, it is useful to understand how ransomware works on a basic level. This section is placed after several references to these types of attacks so that the audience will have a better appreciation for why these attacks are sometimes not easily preventable. Research by the author Barr focused on the detection of this type of malware through the use of Normalized Compression Distance (NCD), which measures the shared information content of two strings, such as binary executables. The study explores the effectiveness of NCD in identifying ransomware by comparing suspect programs to a collection of labeled malware and benign software. The results show that NCD can classify disk-resident malware (in this case ransomware) with 97.4% accuracy and a low false positive rate of 3% (Barr, 2020). This is useful to the management of any business since, as this paper explains, detection of malware is critical in the early stages. The research by this author demonstrated that NCD-based detection is competitive with commercial anti-malware tools, which means it is a great option for malware detection.
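The NCD comparison described above can be shown as a small nearest-neighbour classifier. This is an added example, not code from Barr's study or from this paper; the choice of lzma as compressor, the 0.7 distance cutoff, the helper names, and the synthetic byte strings standing in for labeled binaries are all assumptions made for illustration.

```python
"""Normalized Compression Distance (NCD) as a nearest-neighbour classifier.

Every byte string here is a constructed stand-in, not a real binary.
"""
import hashlib
import lzma


def csize(data: bytes) -> int:
    # Assumption: lzma as the compressor (the page does not name one). Its
    # large dictionary still sees redundancy across two concatenated files
    # bigger than zlib's 32 KiB window, which matters for real executables.
    return len(lzma.compress(data))


def ncd(x: bytes, y: bytes) -> float:
    """NCD(x, y) = (C(xy) - min(C(x), C(y))) / max(C(x), C(y)).

    Close to 0 when x and y share most of their content, close to 1
    when compressing them together saves nothing.
    """
    cx, cy = csize(x), csize(y)
    return (csize(x + y) - min(cx, cy)) / max(cx, cy)


def classify(suspect: bytes, corpus, max_distance: float = 0.7):
    """Return (label, distance) of the nearest labeled sample.

    If nothing in the corpus is within max_distance (a hypothetical cutoff),
    the label is "unknown" instead of a forced malware/benign verdict.
    """
    if not corpus:
        return "unknown", 1.0
    label, dist = min(
        ((lbl, ncd(suspect, ref)) for lbl, ref in corpus),
        key=lambda pair: pair[1],
    )
    return (label if dist <= max_distance else "unknown"), dist


def filler(seed: str, n: int) -> bytes:
    """Deterministic, incompressible bytes used to build constructed samples."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:n]


def make_sample(family: str, variant: int) -> bytes:
    """Constructed stand-in for one binary of a family: a 4 KiB body shared
    by the whole family, 16 patched bytes, and a variant-specific tail."""
    body = bytearray(filler(family, 4096))
    patch = filler(f"{family}-patch-{variant}", 16)
    for i, value in enumerate(patch):
        body[(i * 251 + variant * 17) % len(body)] = value
    return bytes(body) + filler(f"{family}-tail-{variant}", 512)


# Labeled reference collection (constructed): three variants per class.
CORPUS = [("ransomware", make_sample("fam-r", v)) for v in range(3)] + [
    ("benign", make_sample("fam-b", v)) for v in range(3)
]

if __name__ == "__main__":
    suspects = {
        "new variant of fam-r": make_sample("fam-r", 9),
        "new variant of fam-b": make_sample("fam-b", 9),
        "unrelated file": filler("unrelated", 4608),
    }
    for name, data in suspects.items():
        label, dist = classify(data, CORPUS)
        print(f"{name:22s} -> {label:10s} (NCD to nearest = {dist:.2f})")
```

The "unknown" branch is the practical caveat: a suspect that resembles nothing in the labeled collection gets no verdict from distance alone.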
Ransomware Attacks on Healthcare
The chart below shows the admissions rate at the hospital during the WannaCry week. In short, WannaCry created severe disruptions in hospitals by exploiting vulnerabilities in Windows systems that had not been updated. It’s pretty clear there was not a statistical difference in admission rates, which makes sense since becoming sick in the first place has nothing to do with a computer virus. Still, the WannaCry cyberattack had a clear impact on the health service sector, with substantial disruptions and financial losses. This type of ransomware resulted in a 6% decrease in hospital admissions, including “1100 fewer emergency department admissions and 2200 fewer elective admissions” (Ghafur, 2019). The biggest area of concern was that outpatient appointments were significantly affected. There were about 13,500 cancellations during the attack week (Ghafur, 2019). Fortunately, there was no increase in mortality rates, which disproved an initial guess made before this research. However, when it came to patient trust in the hospital, it was surprising to see “there was no statistically significant difference in the total level of activity across all trusts during the week of the WannaCry attack” (Ghafur, 2019). When it came to outpatient visits only, “infected trusts had on average 50% more cancellations than non-infected trusts per day” (Ghafur, 2019). The biggest impact WannaCry had at the patient level was that about 13,500 appointments were cancelled (Ghafur, 2019). Finally, to push further the point that ransomware does not cause an increase in death rates, author Tully MD found there was no “difference in mortality between the baseline of the National Health Service facilities and the week of the attack” (Tully, 2023). The above graphic, as well as the journal, supports the idea that vulnerabilities in the healthcare sector due to cyberattacks call for substantial cybersecurity investment.
This includes incident management procedures and a strong security culture to ensure patient safety. Moving on to other research by author Tully and other authors, it is found that a similar cyber attack led to “records of nearly 150,000 patients compromised as a result of the breach. Operational disruptions persisted for 4 weeks after the attack was first detected” (Tully, 2023). This statement shows that significant ongoing impacts on the affected hospital were found only after the breach was initially discovered. Operational disruptions increased, and systems experienced difficulties in providing healthcare services and managing patient records. These disruptions continued for a period of four weeks, which indicates the severity of simple attacks. Author Tully highlights another attack on an HDO (a healthcare delivery organization, which is responsible for delivering health-related services to hospitals): “May 1, 2021, an HDO with 4 hospitals care centers had more than 1300 combined inpatient beds failures and 19 outpatient facilities was infected with ransomware” (Tully, 2023). This point is brought up again later in relation to how patient beds are connected to many devices, which increases the attack surface of the hospital. It is also important to mention the conclusions Tully’s study drew from this attack. “The median total LOS for admitted patients was 614 minutes (IQR, 424–1093 minutes) prior to the attack, which increased to 822 minutes” (Tully, 2023). As an aside, the table below shows a brief summary of how a simple ransomware attack works.
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9212240/
Differing Opinions on Trends of Attacks
Sources are split: some claim that cyber-attacks on healthcare are increasing rapidly, while others claim that there is a decrease. So it is important to show these biases. There were “374 ransomware attacks, the annual number of ransomware attacks on health care delivery organizations more than doubled from 2016 to 2021, exposing the personal health information of nearly 42 million patients” (Neprash, 2022). Neprash explains that overall, from January 2016 to December 2021, the U.S. healthcare sector saw a sharp increase in ransomware attacks, totaling 374 incidents and affecting 42 million patients’ protected health information (Neprash, 2022). Moreover, the annual number of attacks more than doubled from 43 to 91. These attacks disrupted healthcare services in 44.4% of cases, “including electronic system downtime (41.7%), scheduled care cancellations (10.2%), and ambulance diversions (4.3%)” (Neprash, 2022). With such detailed data, it is important to understand how it was collected. It was collected through the THREAT database. In short, every security breach is reported to this system, though not directly: the database itself searches for keywords on the web and then collects the information. The overall finding was that larger healthcare organizations were more likely to be targeted, with higher PHI exposure and lower data restoration success rates. That most restoration attempts are not 100% successful is proving to be a recurring trend in the research.
History of Cyber Attacks in Healthcare
It is fair to ask how cyber-attacks started to surge in healthcare. Healthcare is shown to be under serious threat from any type of cyber-attack. This all started with hospitals digitizing their practices to enhance patient care. A fair concern could be raised that hospitals may have been led into the digital world too fast, since they are proving to be unprepared and have poor cyber protections. In fact, “The FDA recalled 465,000 St. Jude Medical pacemakers in 2015, following reports that the devices were susceptible to attacks” (Wasserman, 2022). Although this is rather dated, it highlighted a major attack that was based on digitized practices, which allowed vulnerabilities to be found more easily. It is quite frightening to see such a large recall for a personal medical device that is responsible for saving a patient’s life. Eventually, as more technology became involved in healthcare, attack severity began increasing as well. Now, jumping to the COVID-19 pandemic: although it didn’t cause cyber attacks on healthcare to start, it certainly showed a rapid rise in the severity of the attacks. As claimed by Menaka, “healthcare organizations and universities are now also facing heightened cyber-security threats in the midst of the pandemic” (Menaka, 2021). Most of this can be attributed to how all medical records are moving away from paper-based copies to digital copies. This does make the process of going through personal medical information a lot more efficient for patients and hospital staff. But the fact that a change makes a process more efficient doesn’t excuse implementing it without first thinking of cyber protections. Continuing on, “by 2019, 24% of cyberattacks were in the healthcare industry (5). During 2014–16, 90% of hospitals and clinics experienced at least one data breach, and 45% experienced at least five data breaches” (Wasserman, 2022).
Beyond these incidents per year, Wasserman claims that incidents have tripled in the past decade. This goes against what the VERIS database found, that the number of breaches has been decreasing since 2013. These two contradictory findings are explained later under U.S. government regulations, with an interesting insight into loopholes hospitals take advantage of. With all this information presented, the question of why hospitals are targeted can be raised. A very common reason is money. Most hacks throughout the United States are due to greed on the part of the black hat hacker (a type of hacker who hacks only for their own benefit). When it comes to healthcare, money accounts for “91% of data breaches (25). Each patient record is worth an average of $50 on the darknet (11), and a complete set of medical records can earn up to $1,000” (Darrell, 2022). So what is the benefit to people buying this information on the darknet? One good reason is identity theft and impersonation. This type of impersonation usually has the goal of getting personal medical devices, which can then be sold at a higher rate on the net. Blackmail and even large phishing campaigns against those who had their data leaked are other tactics. These phishing emails can be strategically targeted at patients whose data was leaked, which makes for high click counts. Finally, whoever hacked the patient records can simply have bad motives and change critical information, which of course has disastrous effects. Besides money as a motive for hacking, there are indeed many others. The next motive that comes to mind, and one author Wasserman agrees on, is political. A good example can be a war between countries. Causing harm to the civilians of an opposing country would be part of this political motive. Although it did not take place in the United States, a good example supporting this claim comes from authors Aliyu and Luo.
They found that “a Romanian hospital’s data was ransomed, as a statement against quarantine restrictions during the COVID-19 pandemic” (Aliyu, 2021). The impact of this attack was that many patients were redirected to other hospitals. Due to the transportation of many patients because of the attack, “infections started spreading rapidly among healthcare workers and patients” (Dascalu, 2020).
Attack Surface in Hospitals
As stated before, hospitals seem to be jumping into the world of tech a little too soon. As mentioned earlier, hospital beds are now more interconnected than ever before. A common bed in U.S. hospitals is connected to 10–15 devices (Coventry & Branley, 2018). Starting with the positives of this interconnectivity: because of it, automation and remote patient monitoring are more common and far more efficient. However, a common side effect is an increase in the attack surface. This means a possible extra opening for an attacker to infiltrate a network. If one device has a vulnerability leaked, it becomes much easier to pivot into the network. A common practice among hackers is a method called enumeration. This essentially means scanning a network for all possible ways in and using open-source research to find potential weaknesses. It takes a long time but is one of the first procedures in a successful attack. What’s more frightening is how confident hospitals are in defending themselves. Their cyber teams or IT staff are understaffed. Yet a survey found that “50% of these providers believe they can defend themselves from cyberattack” (Martin et al., 2017). These numbers don’t add up at all, though. “There has been a 300% increase in cyberattacks in the healthcare industry” (Janofsky, 2019). So what is causing most of these breaches? Well, 36 percent of healthcare organizations named unintentional employee action as a breach cause (Ponemon Institute, 2017). Unfortunately, this type of information does not resonate with healthcare institutions. Most claim breaches are due to 3rd party vendors and not themselves. There is a light at the end of the tunnel in this case, though. Most healthcare organizations do claim that they are most responsible and that they should be monitoring their 3rd party vendors more often, since they are first in contact with patient data.
More self-awareness shows in the finding that 56% believe they don’t have a proper budget for incident response. Incident response in healthcare is essentially a process that involves containment, eradication, and recovery. This means that when an incident is discovered, isolating systems from further disaster is the first step. Identifying the root cause of the incident and patching that vulnerability is next. Restoring systems and patient data is the final step. The lack of budget for this is a cause for concern and is a good reason why healthcare has become such a large target. If an attacker finds recurring patterns showing that a hospital’s disaster recovery plan is inadequate, it makes for an easy target. This final point leads to the next analysis, which is the fault for the breach. The rising number of breaches in hospitals can be attributed to bad training from management. Healthcare staff are getting emails from other healthcare companies with requests to click on links or open attachments (Javaid, 2023). After the section on PMDs, this paper goes into phishing in more detail.
Personal Medical Devices
As the public knows, personal medical devices (PMDs) are crucial to a patient’s life. Pacemakers and insulin pumps are not going away, and their numbers are increasing every year. These devices are also a source of vulnerability for the patient, who relies completely on the vendor or hospital that provided the device. Kintzlinger found that the FBI stated “Cyber actors will likely increase cyber intrusions against health care systems — to include medical devices which is due to higher financial payout” (Kintzlinger, 2019). Overall, some of these attacks were on a “PMD was denial-of-service situations caused by draining the battery.” What this means is that the attack floods the device with a high volume of traffic or requests. Think of it like a friend saying “Hey Bob” over and over again with no response being returned. This is scary for any patient with a medical device. A patient may experience arrhythmias or bradycardia due to this attack. The table above shows that many PMDs are vulnerable to these attacks. This is a call to action for all hospitals responsible for these devices. Proper procedures for these PMDs should be implemented through federal regulation, which will be touched on later in this paper. Without government regulation, hospitals will not have any incentive to prevent leaks or train employees.
Phishing Prevention
Phishing, as defined by NIST, involves tricking individuals into disclosing personal information through deceptive means. It is a common threat in healthcare systems across the world. Phishing attacks are prevalent, and their primary goal is to extract passwords and other confidential information. These attacks often target employees who have access to sensitive information within organizations. Early detection is crucial when it comes to phishing, as it can “prevent phishing emails from ever reaching employees’ inboxes” (poptot.co, 2023), reducing the risk of mass computer infections and data compromise. To combat these threats, hospitals should prioritize employee education to enhance awareness and understanding of phishing tactics. Adding email filters, implementing two-factor authentication, and maintaining regular system updates are also essential steps in fortifying the security posture against phishing attacks. By taking these measures, healthcare organizations can protect against data loss and phishing threats.
A Phishing Experiment
A study was done on an anonymous US healthcare institution. The 2 images which will be reviewed show the results of the study. In the study, “A total of 5416 unique employees went through all 20 campaigns during the intervention period; 772 people clicked on at least 5 emails and were labeled offenders” (Gordon, 2019). Throughout this research period, only 18% of employees did not click on any phished/fake emails. The study was started at this anonymous institution only because of the high click rate on simulated phishing emails sent by the administration. Healthcare staff who failed the phishing simulation were provided real-time training. These were considered high-risk employees. Real-time means that once an employee fails a phishing email test, they are immediately required to take an online class. Throughout the 20 campaigns there was a decrease in click rate for all groups. Unfortunately, there was still no significant improvement. The mandatory training program, which was initiated after campaign 15, did not have a substantial impact on click rates, and the offenders remained more likely to click on a phishing simulation in campaigns 16–20 despite the notification that they were being targeted for mandatory training.
This research group concluded that phishing click rates, although alarmingly high, do generally improve with repeated simulated phishing campaigns. What this research proves is that simple classroom training alone is not the solution to proper protection against phishing. The graph to the right shows a brief summary of the campaign results. Although unfortunate, it is a good lesson to administration and cybersecurity teams that simple training alone will not resolve malware infection rates through email attachments. Other measures, such as firewalls and email filtering applications, need to be in place.
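The bookkeeping behind a study like this can be reproduced for any simulated-phishing program. The following is an added example, not code from Gordon et al. or from this paper: it computes per-campaign click rates, labels offenders with the study's threshold of at least 5 clicks, and compares groups before and after campaign 15. The six employee records are constructed sample data, the function names are hypothetical, and counting offender clicks over campaigns 1–15 is an assumption.

```python
from collections import defaultdict

OFFENDER_THRESHOLD = 5   # study's definition: clicked on at least 5 emails
TRAINING_AFTER = 15      # mandatory training was initiated after campaign 15
N_CAMPAIGNS = 20

def build_sample_results():
    """Constructed sample data: one (employee, campaign, clicked) row per send."""
    clicks = {
        "e01": set(),
        "e02": {3},
        "e03": {1, 2, 4, 7, 9, 16, 18},   # keeps clicking after training starts
        "e04": {2, 5, 6, 8, 11, 12},      # stops clicking after training starts
        "e05": {10, 17},
        "e06": set(),
    }
    return [(emp, c, c in hit)
            for emp, hit in sorted(clicks.items())
            for c in range(1, N_CAMPAIGNS + 1)]

def click_rate_by_campaign(results):
    """Fraction of recipients who clicked, keyed by campaign number."""
    sent, clicked = defaultdict(int), defaultdict(int)
    for _emp, campaign, did_click in results:
        sent[campaign] += 1
        clicked[campaign] += int(did_click)
    return {c: clicked[c] / sent[c] for c in sorted(sent)}

def label_offenders(results, through=TRAINING_AFTER):
    """Employees with >= OFFENDER_THRESHOLD clicks in campaigns 1..through."""
    totals = defaultdict(int)
    for emp, campaign, did_click in results:
        if campaign <= through and did_click:
            totals[emp] += 1
    return {emp for emp, n in totals.items() if n >= OFFENDER_THRESHOLD}

def group_rates(results, offenders):
    """Click rate for offenders vs. others, before and after training began."""
    sent, clicked = defaultdict(int), defaultdict(int)
    for emp, campaign, did_click in results:
        group = "offender" if emp in offenders else "other"
        phase = "before" if campaign <= TRAINING_AFTER else "after"
        sent[(group, phase)] += 1
        clicked[(group, phase)] += int(did_click)
    return {key: clicked[key] / sent[key] for key in sent}

def never_clicked_share(results):
    """Share of employees with zero clicks across every campaign."""
    employees = {emp for emp, _c, _d in results}
    clickers = {emp for emp, _c, did_click in results if did_click}
    return len(employees - clickers) / len(employees)

if __name__ == "__main__":
    rows = build_sample_results()
    offenders = label_offenders(rows)
    print("offenders:", sorted(offenders))
    for key, rate in sorted(group_rates(rows, offenders).items()):
        print(key, round(rate, 3))
    print("never clicked:", round(never_clicked_share(rows), 3))
```

On the constructed data the offender group's click rate falls after campaign 15 yet stays well above the other group's rate, the same pattern the study reports for campaigns 16–20.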
Actual Phishing Attacks on Healthcare
Moving on to actual phishing attacks, where employees click on malicious email links and not just a test: Magellan Health suffered a phishing attack in April 2020. The breach was reported as affecting a little over a million Magellan Health members, and 1.7 million patient records were affected. What makes this worse is that Magellan Health failed to disclose the attack, which breaches HIPAA. HIPAA requires healthcare providers to disclose data breaches over a certain size. Magellan only notified the public of the attack in November, which is far too late. Because of this, the health provider was sued for 1.4 million.
Making it Easy to Detect Ransomware
Packers are making it harder to detect dangerous malware. Malware is normally detected only with difficulty, and the black hats who create malware tend to have the advantage over the white hats who build the protections. A good way to make malware more detectable by antivirus is by adding system calls and signatures. Hackers don’t do this, which allows the malware to get past many filters. A unique strategy for making malware more detectable is creating the signature itself and releasing it to the public. There is a group doing exactly that, and they made the EEE packer. In summary, they reported the malware to a site called VirusTotal, which learns how the malware was created and then how to pick it up. The research paper referred to here is titled “Getting Ahead of the Arms Race”. The brilliance of creating an “entropy-based polymorphic packer for Windows executables” (Menéndez, 2021), which was eventually entered into the cloud tool VirusTotal as mentioned before, is pivotal for protecting hospitals that only use 3rd party software for protection. To summarize: a group is purposefully creating malware and uploading it to VirusTotal. They continuously train VirusTotal to understand the malware they upload, with the goal of having it detected successfully. This prevents a malicious hacker from using this malware, since VirusTotal will now be trained to identify it and stop it from getting past the filters hospitals have in place. Even with these groups making it harder for hackers to develop exploits, there is still one solution that should be pursued in a classroom setting. All healthcare individuals must go through training in cybersecurity. College degrees require students to select topics outside of their major in order to produce well-rounded students. Students majoring in computer science are still required to take courses in English, history, and physics.
With this in mind, it would make sense to require students majoring in the healthcare sector to take at least one class in cybersecurity, since they hold responsibility for so much personal private information. Cybercriminals take advantage of healthcare professionals’ lack of knowledge in security to exploit information for profit. As learned before, phishing is one of the threats hospitals face in relation to malware. A successful phishing attack is just as devastating as an internal employee creating the attack themselves. A recent study found that “on average, as much as 14.2% of these phishing emails were clicked on by employees” (Jalali, 2020). Although the previous paragraph discussed the importance of training, it was found that “mandatory training programs did not make a large difference in reducing clicking rates on phishing links.” This was analyzed in “Phishing Prevention”. Recent evidence indicates that approximately “70% of hospitals fail to establish or uphold sufficient privacy and security measures” (Jalali, 2020). Although this seems disappointing, other researchers counter this claim with their own research, with the below graph and the conclusive statement that the “use of negative punishment, such as that in the document training group, to reinforce the importance of being aware when clicking on links will result in users proactively using caution when opening emails, attachments, and clicking on links” (Carella, 2017). The document training group was a group that failed a simulated phishing test and was then required to read through a document about security measures for email links.
Through more research, it was learned that patient deaths through cyber attacks are almost nonexistent. Recent research found that a cyber attack in “Germany led to a patient’s death, perhaps the first death in healthcare directly attributable to a cyberattack” (Landman, 2021). Fortunately, this was a very rare incident and not many occur. Other research supporting the claim that hospitals need to improve their security posture concerns regulatory measures. For the most part, government regulations are what keep hospitals maintaining some sort of security measure. However, these government “regulations can be too basic to effectively protect hospitals, like the Centers for Medicare and Medicaid Services mandating only simple antivirus and antimalware tools for hospitals using their services” (Landman, 2021). Part of the purpose of including this article by Landman was to find viewpoints that challenge the thesis of the research paper. As mentioned before, the goal of the research paper is to educate and provide insight into the ineffective measures hospitals are taking towards cyber security. The source “Why Employees Still Click on Phishing Links” showed that training for proper security awareness is, at best, partially effective through punishment. Although this is an unfortunate practice, what can be done is classroom-based practice of cybersecurity topics like phishing early on in college. More research still needs to be done on this claim, since currently this assessment only covers 3 researchers’ studies of simulated phishing tests on healthcare professionals. More insight into actual ransomware attacks, rather than case studies, will be a first step, something this paper is briefly attempting to do.
A Solution for Hospitals
Now going over how hospitals can protect themselves against ransomware. Web content filtering is a valuable cybersecurity tool for hospitals to protect against ransomware attacks, since it actively filters out potentially harmful web content. This can lead to occasional inconveniences, such as blocking non-malicious websites. Another good protection is whitelisting. Whitelisting provides users with access to pre-approved, trustworthy websites. This approach is particularly effective in detecting potential smishing attacks, ensuring that users only access known safe resources. The biggest challenge hospitals will face is keeping whitelists current, since new websites are constantly introduced. A flaw of this method is that outdated whitelists may hinder healthcare organizations’ operations by unintentionally blocking access to legitimate resources. Next is an IDS (intrusion detection system). An IDS protects patient data and medical systems by detecting attacks. However, healthcare organizations then need more skilled personnel who can respond to alerts effectively and address potential threats. Still, an IDS will serve as a critical tool for checking for anything from unintended emails all the way to an active attack on the hospital. Again, it’s important to keep in mind that some hospitals respond to active threats far too late because they are unaware the attack is taking place. Lastly, there is an updated firewall actively maintained by staff. Healthcare organizations can utilize firewalls to prevent ransomware attacks: by inspecting incoming and outgoing traffic, firewalls can detect and block malicious code, preventing the installation of ransomware on healthcare devices and networks.
As an example, a healthcare worker working from home receives a suspicious email with an attachment containing ransomware. The firewall detects the malicious code and prevents it from infecting the user’s device, safeguarding patient data. This is brought up since COVID-19 caused many healthcare professionals to work from home. There were claims that incidents of malware attacks on healthcare were in decline. As mentioned earlier, for the period from 2016 to 2021 a research study “documented 374 ransomware attacks on health care delivery organizations that exposed the PHI of 42 million individuals” (Neprash, 2022). The study also reported major disruptions to electronic systems: from a sample set of 374 attacks, 156 attacks brought systems offline. More results from the study are “cancellations of scheduled care (38 [10.2%]), and ambulance diversion (16 [4.3%])” (Neprash, 2022). This is brought up again since all of this was caused by a simple ransomware attack with an employee clicking on a link. The solution to prevent this would have been possible whitelisting for email accounts and an IDS to detect all possible malware. Finally, only about 20% of healthcare organizations (20.6%) were able to restore data from backups after those 374 ransomware attacks. Also, 16% of the attacks publicly exposed some or all of the stolen patient data, often on dark web forums. Care delivery disruptions occurred in 44.4% of ransomware attacks, with some lasting over 2 weeks. All of these consequences are the result of poor cybersecurity.
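The whitelisting approach described in this section depends on matching hostnames correctly and on noticing when the list has gone stale. The following is an added example, not taken from any source cited in this paper: it checks URLs against an allowlist on whole-label boundaries and counts denied hosts so staff can review which resources the list is blocking. The hostnames are constructed placeholders and the function names are hypothetical.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed allowlist; the .example names are placeholders, not real sites.
ALLOWED_HOSTS = {"portal.hospital.example", "ehr-vendor.example"}
ALLOWED_SCHEMES = {"https"}

# Constructed browsing log used to show the review queue.
SAMPLE_URLS = [
    "https://portal.hospital.example/login",           # listed host
    "https://lab.portal.hospital.example/results",     # subdomain of a listed host
    "https://portal.hospital.example.attacker.test/",  # listed name is only a prefix
    "https://notportal.hospital.example/",             # shares a suffix, not a label
    "http://portal.hospital.example/",                 # scheme not permitted
    "https://new-lab-results.example/",                # legitimate but not yet listed
    "https://new-lab-results.example/report/7",
]

def normalize_host(url):
    """Return the lowercase ASCII hostname of a permitted-scheme URL, else None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname          # drops any port and lowercases the name
    except ValueError:
        return None
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return None
    host = host.rstrip(".")            # "host." and "host" are the same name
    if not host:
        return None
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:               # empty or over-long labels, invalid names
        return None

def is_allowed(url, allowed=ALLOWED_HOSTS):
    """True only for a listed host or a subdomain of one."""
    host = normalize_host(url)
    if host is None:
        return False
    # Compare on a label boundary; a bare endswith(entry) would accept
    # "notportal.hospital.example".
    return any(host == entry or host.endswith("." + entry) for entry in allowed)

def denied_hosts(urls, allowed=ALLOWED_HOSTS):
    """Count denied hosts so a stale list shows up as repeated denials."""
    counts = Counter()
    for url in urls:
        if not is_allowed(url, allowed):
            counts[normalize_host(url) or "<rejected>"] += 1
    return counts

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print("ALLOW" if is_allowed(url) else "DENY ", url)
    print(denied_hosts(SAMPLE_URLS).most_common())
```

The host that is denied most often in the constructed log is the unlisted legitimate one, which is the signal that the list needs updating.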
Protection Against SamSam Ransomware
SamSam ransomware is known to target the healthcare industry. In fact, it does not arrive through emails or rely on poorly trained staff. It comes in through unpatched servers. The best way to prevent this type of ransomware, or any type, from successfully taking down a system is to back up files in 3 different formats, which is known as the 3–2–1 rule. Of course, applying software patches and working with 3rd party vendors is a must. The hospital should also develop a network segmentation plan that places users in the appropriate network user group to prevent high-level access. This is done because hackers take advantage of privilege escalation. If the user is not privileged to see all patient records, the hacker can’t do anything else. Overall, this simple, preventable attack described in the above paragraph was due to the hacker having access to the remote access portal and logging in with a vendor’s username and password, which was not regularly changed. Patients were affected since it prevented them from logging into the MedStar portal. Web servers were mostly affected, which meant patients had to wait until they could be treated.
Ryuk Cyber Attack on DHS
A cyber attack impacted DCH’s (Department of Human Services) ability to accept new patients. This attack again used phishing emails to gain access to the hospital’s computer systems. Simply opening the email attachment is all it takes. According to DHS, Ryuk ransomware is the most dangerous to the healthcare industry. Universal Health Services lost $67 million due to this ransomware, because it took them nearly a month to restore systems. They still have not found any entry that had unauthorized access. This ransomware was hitting 20 health providers every week at the beginning of 2020. Many medical devices are old, which means there is no support for updates. This kept the cyber threat to these devices high, and it is why Ryuk ransomware succeeded.
U.S. Government Regulations/Protections
It’s time to point fingers at the government, more specifically the U.S. government. Government regulations in the healthcare sector, while well-intentioned, appear to have unintended consequences that may make the issue of data breaches worse. Wasserman points out that there are “many more data breaches than are reported because regulations require disclosure only of large-scale breaches — those affecting 500-plus records” (Wasserman, 2020). This may be the reason why the VERIS dataset strongly claimed that data breaches have been going down in number since 2013. This limitation in the government’s reporting criteria can potentially conceal the true extent of data breaches in healthcare. Moreover, Wasserman underscores how “Patient ID data can, for example, be used to request free medical insurance coverage, like Medicare” (Wasserman, 2022). The confluence of regulatory reporting thresholds and the valuable nature of patient data may inadvertently be contributing to the growing challenges of data breaches in healthcare. A reevaluation of regulatory approaches to this industry should be considered.
More on Protections of EEE
It has not been directly stated in this paper so far, but there is an arms race in cybersecurity, where malware and antivirus software continually evolve in response to each other. As the above sections note, hospitals rely on 3rd party antivirus software. A research group took another approach, which is called “hothousing”. This involves using program analysis to accelerate the evolution of this arms race. Essentially, it improves malware concealment abilities and forces antivirus systems like VirusTotal to enhance their detection capabilities. Evading antivirus is the goal of the hacker, so the research group did the exact same thing and introduced an evolutionary packer called EEE, which aims to control binary entropy signatures to evade malware detection. This mouthful of text basically means that the code keeps changing to avoid being detected by a pattern. From this the group “continually improved EEE in response to VirusTotal, eventually learning a packer that produces packed malware whose evasiveness goes from an initial 51.8% median to 19.6%” (Menéndez, 2021). The above graph is useful since it indicates how much packers can affect the detection rate of all malware. The team’s malware sample initially went undetected 52% of the time. Eventually, this number went to 20%. So what does this mean for healthcare? It starts with acknowledging that it is all preventable through proper employee awareness. This is learned from the study during the COVID-19 crisis, which found that successful ransomware attacks come down to an employee “directly installing the threat which is at a percentage of 45%. Email attachment comes second most common malware breach vector with 32%” (Menéndez, 2021). A later section goes over the positives and even negatives of employee training. With that being said, the threat of a simple social engineering attack should be taken seriously. Training employees with basic cyber security knowledge is crucial. If the DoD requires all its employees and contractors, regardless of job occupation, to get a certification in cyber security, healthcare should do the same.
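Because the entropy signature is the signal EEE controls, it helps to see how a defender measures it. The following is an added example, not code from Menéndez et al. or from this paper: it computes Shannon entropy over a whole buffer and over fixed-size windows, and shows that the windowed profile still exposes a high-entropy region that the whole-file figure averages away. The buffers are constructed, and the 1024-byte window, the 7.0 bits-per-byte threshold and the function names are assumptions.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(data).values())

def entropy_profile(data: bytes, window: int = 1024):
    """(offset, entropy) for consecutive non-overlapping windows.

    A short trailing window cannot reach 8.0, so it tends to score lower.
    """
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]

def high_entropy_regions(data: bytes, threshold: float = 7.0, window: int = 1024):
    """Merge adjacent windows at or above threshold into (start, end) ranges."""
    regions = []
    for off, h in entropy_profile(data, window):
        if h < threshold:
            continue
        end = min(off + window, len(data))
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], end)   # extend the previous region
        else:
            regions.append((off, end))
    return regions

def constructed_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic pseudo-random bytes standing in for packed content."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])

def build_sample() -> bytes:
    """Constructed buffer: 8 KiB of text, 2 KiB of random bytes, 8 KiB of text."""
    text = (b"PATIENT-RECORD-PLACEHOLDER\n" * 400)[:8192]
    return text + constructed_random(2048) + text

if __name__ == "__main__":
    sample = build_sample()
    print("whole-buffer entropy:", round(shannon_entropy(sample), 2))
    print("regions >= 7.0 bits/byte:", high_entropy_regions(sample))
```

The whole-buffer value for the constructed sample stays below the threshold while the windowed scan reports bytes 8192 to 10240, so a single per-file entropy number is a weak detection signal on its own.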
What was Learned and Conclusion
This research paper granted an opportunity to look into a vulnerable sector in the United States that does not receive much attention when it comes to cyber security. The sources gathered throughout this research addressed different aspects of ransomware and data breaches in healthcare, ranging from understanding the nature of attacks to measurement of real-world examples. They offered a well-rounded perspective for this research paper, as well as biases on both sides of the topic. The main themes of these sources are that healthcare is now the prime target of cyber attacks and that ransomware is the main type of malware in those attacks. It is shocking to find that personal private information is 10 times more valuable than financial information when it is sold on the black market. It is completely understandable how this has led to mistrust of healthcare institutions, given the recurring breaches. This mistrust can also be due to how simple the attacks are. Although it was difficult, this research made a clear shift away from an in-depth analysis of the malware used in attacks to appeal to a larger audience, since informing the public of the knowledge gained is the general purpose. Continuing on, these sources showed a focus on data security and privacy and how some attacks led to compromises of medical records and even identity theft. More sources also went into how the operations of these medical facilities can be compromised, which leads to delayed medical care. It is surprising, though, that patient death or injury rates due to this were not enough to make any statistical difference. There is also the presence of evolving tactics by cyber criminals and the techniques used to gain access. In summary, the literature on ransomware and data breaches in healthcare represents the challenges and risks faced by healthcare institutions.
The examples given by many of these sources show that part of the challenge lies in data security, patient privacy, operational disruptions, and evolving cyber criminal tactics. Perhaps the best way to beat this evolving threat is to join the race to find vulnerabilities, like the research group presented in this paper did.
Items learned from these sources are that threat actions are classified into seven primary categories: “malware, social engineering, hacking, misuse, physical, error, and environmental” (Verizon, 2023). The studies from this source also found that ransomware and phishing were prominent threat actions, with stolen credentials being a significant component of cyber criminal actions. Various attacks were identified for each threat action category, with email and web applications being common sources of attacks in multiple categories.
It is frustrating how most case studies were done through simulated attacks. Hence, further researchers are encouraged to look at past mistakes made by healthcare professionals and analyze those metrics. This paper has attempted to do that briefly. Deaths in healthcare due to cyber attacks are very rare and were not the issue of the research paper. This was a fortunate realization from looking at reports of cyber-attacks. Given those metrics, shifting the focus away from the potential for public physical harm when an attack takes place on a hospital was necessary to make a compelling case for this paper. Finally, a solution that is a strong favorite, and that will be explored in detail after finishing this paper, is the prevention of malware. A favorite reading was the article “Getting Ahead of the Arms Race”, whose group of researchers created malware for the purpose of making it detectable before a bad threat actor could get hold of it. This idea needs to be further researched, since its impact is on a global scale and it identifies a solution for how to prevent attacks and improve a serious issue currently happening throughout society.
In summary, the healthcare sector is vulnerable to many threats. This mostly comes down to staff who are not properly trained in cyber security. Risk management and budgets for cyber security are poor for hospitals in the United States. The previous paragraphs showed how open source projects, such as the research on EEE, could have large potential for increasing security in hospitals. This will ensure that healthcare organizations can stay one step ahead of malicious actors seeking to compromise patient data and critical medical systems. Still, hospitals need to take a proactive approach to enhancing their own cybersecurity, since they are responsible for safeguarding sensitive patient information and maintaining the integrity of healthcare systems. Putting the blame on 3rd party vendors, which most hospitals currently do after a cyber-attack, is not a responsible thing to do.
References
A. Carella, M. Kotsoev and T. M. Truta, “Impact of security awareness training on phishing click-through rates,” 2017 IEEE International Conference on Big Data (Big Data), Boston, MA, USA, 2017, pp. 4458–4466, doi: 10.1109/BigData.2017.8258485.
- “use of negative punishment, such as that in the document training group, to reinforce the importance of being aware when clicking on links will result in users proactively using caution when opening emails, attachments, and clicking on links.” page 25
Alkinoon, M., Choi, S. J., & Mohaisen, D. (27 October 2021). Measuring healthcare data breaches. SpringerLink. https://link.springer.com/chapter/10.1007/978-3-030-89432-0_22
- “Intentional or non-intentional use or disclosure of confidential health information” Page 7
- “organizations 197 days to identify a data breach and 69 days to contain it, on average [6]. That amount of time to detect a data breach is considered long and costs organizations millions of dollars” Page 7
- “36% of the data was stored unencrypted, 30% stored, 25% unknown, 3% printed, 2% transmitted unencrypted, and 4% with other attributes.” Page 30
Alshahwan, N., Barr, E. T., Clark, D., Danezis, G., & Menéndez, H. D. (2020). Detecting Malware with Information Complexity. Entropy (Basel, Switzerland), 22(5), 575. https://www.mdpi.com/1099-4300/22/5/575
- “The results show that NCD can classify disk resident malware (in this case ransomware) with 97.4% accuracy and a low false positive rate of 3%”
Beaman, C., Barkworth, A., Akande, T. D., Hakak, S., & Khan, M. K. (2021). Ransomware: Recent advances, analysis, challenges and future research directions. Computers & security, 111, 102490. https://pubmed.ncbi.nlm.nih.gov/34602684/
Beware of phishing attacks: Hackers Exploit QR codes and Zero-day vulnerabilities. PopTot. (n.d.). https://poptot.co/p/beware-of-phishing-attacks-hackers-exploit-qr-codes-and-zero-day-vulnerabilities/
- “prevent phishing emails from ever reaching employees’ inboxes” Page 21
Bhuyan, S. S., Kabir, U. Y., Escareno, J. M., Ector, K., Palakodeti, S., Wyant, D., Kumar, S., Levy, M., Kedia, S., Dasgupta, D., & Dobalian, A. (2020). Transforming Healthcare Cybersecurity from Reactive to Proactive: Current Status and Future Recommendations. Journal of medical systems, 44(5), 98. https://doi.org/10.1007/s10916-019-1507-y & https://link.springer.com/article/10.1007/s10916-019-1507-y
Burrell, D. N., & Aridi, A. S. (2022, January). Exploring holistic managerial thinking to better manage healthcare… ResearchGate. https://www.researchgate.net/publication/363046004_Exploring_Holistic_Managerial_Thinking_to_Better_Manage_Healthcare_Cybersecurity
- “In November 2017, 107,000 healthcare records were exposed from data breaches, and 340,000 records were exposed in December 2017” Page 11
- “91% of data breaches (25). Each patient record is worth an average of $50 on the darknet (11), and a complete set of medical records can earn up to $1,000” Page 17
Coventry, L., & Branley, D. (2018). Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Maturitas, 113, 48–52. https://pubmed.ncbi.nlm.nih.gov/29903648/
- “Breaches can reduce patient trust, cripple health systems and threaten human life” Page 5
- A common bed in a hospital is connected to 10–15 devices in U.S hospitals Page 18
Dameff, C., Tully, J., Chan, T. C., Castillo, E. M., Savage, S., Maysent, P., Hemmen, T. M., Clay, B. J., & Longhurst, C. A. (2023). Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US. JAMA network open, 6(5), e2312270. https://doi.org/10.1001/jamanetworkopen.2023.12270
- “records of nearly 150,000 patients compromised as a result a breach. Operational disruptions persisted for 4 weeks after the attack was first detected” Page 14
- “difference in mortality between the baseline of the National Health Service facilities and the week of the attack” Page 14
- “May 1, 2021, an HDO(This is healthcare delivery organization. They are responsible for delivering health related services to hospitals) with 4 hospitals care centers had more than “1300 combined inpatient beds failures and 19 outpatient facilities was infected with ransomware” Page 14
- “The median total LOS for admitted patients was 614 minutes (IQR, 424–1093 minutes) prior to the attack, which increased to 822 minutes” Page 15
Dascalu S. (2020). The Successes and Failures of the Initial COVID-19 Pandemic Response in Romania. Frontiers in public health, 8, 344. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7381272/
- “infections started spreading rapidly among healthcare workers and patients” Page 18
Ghafur, S., Kristensen, S., Honeyford, K., Martin, G., Darzi, A., & Aylin, P. (2019). A retrospective impact analysis of the WannaCry cyberattack on the NHS. NPJ digital medicine, 2, 98. https://pubmed.ncbi.nlm.nih.gov/31602404/
- “1100 fewer emergency department admissions and 2200 fewer elective admissions” Page 13
- There were about 13,500 cancellations during this attack week Page 13
- “there was no statistically significant difference in the total level of activity across all trusts during the week of the WannaCry attack” Page 13
- 13,500 appointments being cancelled Page 14
Gordon, W. J., Wright, A., Glynn, R. J., Kadakia, J., Mazzone, C., Leinbach, E., & Landman, A. (2019). Evaluation of a mandatory phishing training program for high-risk employees at a US healthcare system. Journal of the American Medical Informatics Association : JAMIA, 26(6), 547–552. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6515532/
- “A total of 5416 unique employees went through all 20 campaigns during the intervention period; 772 people clicked on at least 5 emails and were labeled offenders” page 22
Harrison, A. S., Sullivan, P., Kubli, A., Wilson, K. M., Taylor, A., DeGregorio, N., Riggs, J., Werner-Wasik, M., Dicker, A., & Vinogradskiy, Y. (2022). How to Respond to a Ransomware Attack? One Radiation Oncology Department’s Response to a Cyber-Attack on Their Record and Verify System. Practical radiation oncology, 12(2), 170–174. https://pubmed.ncbi.nlm.nih.gov/34644601/
- “patient dose records for 6 locations” Page 9
- “No patients were treated in the first 24 hours of the attack” Page 9
- “backup of essential information” Page 9
He, Y., Aliyu, A., Evans, M., & Luo, C. (2021). Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review. Journal of medical Internet research, 23(4), e21747. https://pubmed.ncbi.nlm.nih.gov/33764885/
- “a Romanian hospital’s data was ransomed, as a statement against quarantine restrictions during the COVID-19 pandemic” Page 18
ID Experts. (2017, May). Sixth Annual benchmark study on privacy & security of healthcare data. Ponemon Institute. http://www.ponemon.org/research/ponemon-library/security/sixth-annual-benchmark-study-on-privacy-security-of-healthcare-data.html
- 36 percent of healthcare organizations named unintentional employee action as a breach cause
Jalali, M. S., Bruckes, M., Westmattelmann, D., & Schewe, G. (2020). Why Employees (Still) Click on Phishing Links: Investigation in Hospitals. Journal of medical Internet research, 22(1), e16775. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7005690/
- “on average, as much as 14.2% of these phishing emails were clicked on by employees” page 25
- “70% of hospitals fail to establish or uphold sufficient privacy and security measures ” page 25
Jalali, M. S., Landman, A., & Gordon, W. J. (2021). Telemedicine, privacy, and information security in the age of COVID-19. Journal of the American Medical Informatics Association: JAMIA, 28(3), 671–672. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7798938/
- “Germany led to a patient’s death, perhaps the first death in healthcare directly attributable to a cyberattack” Page 26
- “regulations can be too basic to effectively protect hospitals, like the Centers for Medicare and Medicaid Services mandating only simple antivirus and antimalware tools for hospitals using their services” Page 26
Janofsky, A. (2019, October 6). Smaller medical providers get burned by ransomware. Wall Street Journal. https://www.wsj.com/articles/smaller-medical-providers-get-burned-by-ransomware-11570366801
- “There has been a 300% increase in cyberattacks in the healthcare industry”
Javaid, M. (2023, March 11). Towards insighting cybersecurity for Healthcare Domains: A comprehensive review of recent practices and Trends. Cyber Security and Applications. https://www.sciencedirect.com/science/article/pii/S2772918423000048
- The healthcare staff are getting emails from other healthcare companies with requests to click on links or open attachments
Kintzlinger, M., & Nissim, N. (2019). Keep an eye on your personal belongings! The security of personal medical devices and their ecosystems. Journal of biomedical informatics, 95, 103233. https://doi.org/10.1016/j.jbi.2019.103233
- “Cyber actors will likely increase cyber intrusions against health care systems — to include medical devices which is due to higher financial payout” Page 20
Kim, H. (2021). Information security applications 22nd International Conference, WISA 2021, Jeju Island, South Korea, August
- “769 incidents containing a loss of data regarding their effect on availability, representing 90% of the total incidents” Page 10
- “1,045 out of total data 1,937 incidents had information disclosure, representing 54% of the total incidents, 882 had a potential information disclosure, representing 46%, while only two incidents that had no information disclosure at all and eight incidents are unknown” Page 10
Martin, G., Martin, P., Hankin, C., Darzi, A., & Kinross, J. (2017). Cybersecurity and healthcare: How safe are we? BMJ (Clinical Research Ed.), 4, j3179. Advance online publication. doi:10.1136/bmj.j3179, PMID 28684400
- “50% of these providers believe they can defend themselves from cyberattack” Page 19
Muthuppalaniappan, M., & Stevenson, K. (2021). Healthcare cyber-attacks and the COVID-19 pandemic: an urgent threat to global health. International journal for quality in health care: journal of the International Society for Quality in Health Care, 33(1), mzaa117. https://pubmed.ncbi.nlm.nih.gov/33351134/
- “healthcare organizations and universities are now also facing heightened cyber-security threats in the midst of the pandemic” Page 17
Menéndez, H. D., Clark, D., & Barr, E. T. (2021). Getting Ahead of the Arms Race: Hothousing the Coevolution of VirusTotal with a Packer. Entropy (Basel, Switzerland), 23(4), 395. https://doi.org/10.3390/e23040395
- “entropy-based polymorphic packer for Windows executables” Page 24
- “continually improved EEE in response to VirusTotal, eventually learning a packer that produces packed malware whose evasiveness goes from an initial 51.8% median to 19.6%” Page 32
Neprash, H. T., McGlave, C. C., Cross, D. A., Virnig, B. A., Puskarich, M. A., Huling, J. D., Rozenshtein, A. Z., & Nikpay, S. S. (2022). Trends in Ransomware Attacks on US Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016–2021. JAMA health forum, 3(12), e224873. https://pubmed.ncbi.nlm.nih.gov/36580326/
- “374 ransomware attacks, the annual number of ransomware attacks on health care delivery organizations more than doubled from 2016 to 2021, exposing the personal health information of nearly 42 million patients” Page 15
- 374 incidents and affecting 42 million patients’ protected health information Page 15
- “including electronic system downtime (41.7%), scheduled care cancellations (10.2%), and ambulance diversions (4.3%)” Page 15
- “cancellations of scheduled care (38 [10.2%]), and ambulance diversion (16 [4.3%]).” Page 27
Spence, N., & Paul, D. (2018). Ransomware in Healthcare Facilities: A Harbinger of the Future? https://www.proquest.com/docview/2539305467?pq-origsite=gscholar&fromopenview=true
Slayton, T. B. (2018). Ransomware: The Virus Attacking the Healthcare Industry. The Journal of legal medicine, 38(2), 287–311. https://pubmed.ncbi.nlm.nih.gov/30289741/
- “An EHR, for instance, is worth between 10 and 100 times more than credit card information in the black market” Page 11
Wasserman, L., & Wasserman, Y. (2022, July 7). Hospital cybersecurity risks and gaps: Review (for the non-cyber professional). https://www.frontiersin.org/journals/digital-health/articles/10.3389/fdgth.2022.862221/full
- “in 2018, a phishing incident at Baylor Medical in Texas resulted in the exposure of personal data belonging to 47,000 patients” Page 10
- “The FDA recalled 465,000 St. Jude Medical pacemakers in 2015, following reports that the devices were susceptible to attacks” Page 16
- “by 2019, 24% of cyberattacks were in the healthcare industry (5). During 2014–16, 90% of hospitals and clinics experienced at least one data breach, and 45% experienced at least five data breaches” Page 17
- “many more data breaches than are reported because regulations require disclosure only of large-scale breaches — those affecting 500-plus records” Page 29
- “Patient ID data can, for example, be used to request free medical insurance coverage, like Medicare” Page 30
Williams, P. A., & Woodward, A. J. (2015). Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem. Medical devices (Auckland, N.Z.), 8, 305–316. https://doi.org/10.2147/MDER.S50048
- “94% of healthcare organizations have experienced at least one of these types of cyber-attacks” Page 11
Zhao, J., & Kessler, E. (2018, November 23). Impact of Trauma Hospital Ransomware Attack on Surgical Residency Training. xMDL. https://www.x-mol.net/paper/article/1213017100209295384
- “significant stress upon surgical residents providing trauma patient care and made attending surgeons make greater efforts to be more effective teachers” Page 8
2023 data breach investigations report. Verizon Business. (2023). https://www.verizon.com/business/en-gb/resources/reports/dbir/
- “Contrary to the common belief that the number of attacks is increasing, the VERIS database found that the number of breaches has been decreasing since 2013, per VERIS reporting” Page 30
- “payment information which had 61 incidents, representing 3% of the dataset. Other targeted information include unknown (44; 2%), banking (33; 2%), credentials (23; 1%), and others (18; 1%)” Page 30