International Research Journal of Innovations in Engineering and Technology - IRJIET International Open Access, Monthly, Peer Reviewed, Reputed Journal ISSN (online): 2581-3048

Impact Factor (2025): 6.9

DOI Prefix: 10.47001/IRJIET

Ransomware Threats Targeting the Healthcare Sector

Abstract

Security is essentially a consideration in any computer system which holds sensitive or critical data. Ransomware attacks which are primarily based on encrypting critical data and demanding for a ransom to decrypt them, is one of the best approaches in harvesting money from critical industrial firms rather than damaging the information infrastructure. Even though general ransomware practices include encrypting critical data, sometimes it can come in a form of a threat to leaking of sensitive data to the public. Among the critical infrastructures in the healthcare industry, patient’s Personally Identifiable Information (PII) and also the operational data related to mission critical systems are the top concerns. Leaking of PII can cause a huge damage to the privacy of the patients who obtain the healthcare service for that particular healthcare provider. On the other hand, any system delays, malfunctions of inaccessibility or unavailability of operational data related to mission critical systems can cause hindrances to the usual operations of the healthcare provider and eventually will case a life-threatening situation to the patients as well. Through this research review, a comprehensive understanding to the topics; what is ransomware, why ransomware target health industry, what is the damage caused, new ransomware attack trends, mitigative steps and future research scopes are presented to the audience. At the end of the paper, overall conclusion made by analyzing reported incidents is presented with recommendation to mitigate the effects of future ransomware threats, targeted on healthcare industry.

Country : Sri Lanka

1 Deemantha N. Siriwardana

  1. Undergraduate BSc (Hons) in Cyber Security, Sri Lankan Institute of Information Technology, Sri Lanka

IRJIET, Volume 8, Issue 1, January 2024 pp. 158-167

doi.org/10.47001/IRJIET/2024.801019

Full Paper
Download

References

  1. Kaspersky, "What is Ransomware?," Kaspersky, 2022. [Online]. Available: https://www.kaspersky.com/resourcecenter/threats/ransomware. [Accessed 16 May 2022].
  2. U.S. Department of Health & Human Services , "Health Information Privacy," U.S. Department of Health & Human Services , 2022. [Online]. Available: https://www.hhs.gov/hipaa/index.html. [Accessed 16 May 2022].
  3. N. A. R. A.K.Maurya, "Ransomware: Evolution, Target and Safety Measures," International Journal of Computer Science and Engineering, vol. 06, no. 01, pp. 80-85, 2018.
  4. J. F. Dyro, Clinical Engineering Handbook, NewYork: Academic Press, 2004.
  5. A.Q. Ayed, "Evolving Ransomware Attacks on Healthcare Providers," Utica College ProQuest Dissertations Publishing, New York, USA, 2020.
  6. A.M. Malcolm Harkins, "The Ransomware Assault on the Healthcare Sector," HEINONLINE, 2018. [Online]. Available: https://heinonline.org/HOL/LandingPage?handle=hein.j ournals/jlacybrwa6&div=16&id=&page=. [Accessed 16 May 2022].
  7. R. Brandom, "UK hospitals hit with massive ransomware attack," THE VERGE, 12 May 2017. [Online]. Available: https://www.theverge.com/2017/5/12/15630354/nhshospitals-ransomware-hack-wannacry-bitcoin. [Accessed 16 May 2022].
  8. S. K. K. H. G. M. A. D. P. A. S. Ghafur, "A retrospective impact analysis of the Wanna Cry cyberattack on the NHS," npj Digital Medicine, p. Article number 98, 02 October 2019.
  9. Cybersecurity & Infrastructure Security Agency, "Ransomware Activity Targeting the Healthcare and Public Health Sector," Cybersecurity & Infrastructure Security Agency, 28 October 2020. [Online]. Available: https://www.cisa.gov/uscert/ncas/alerts/aa20-302a. [Accessed 16 May 2022].
  10. TREND MICRO, "What Is RYUK Ransomware?," TREND MICRO, 2022. [Online]. Available: https://www.trendmicro.com/en_us/whatis/ransomware/ryuk-ransomware.html. [Accessed 16 May 2022].
  11. W. S. E. T. K. B. M. A. M. D. J. M. B. J. G. J. R. B. Lauren E Branch, "Trends in Malware Attacks against United States Healthcare Organizations, 2016-2017," GLOBAL BIOSECURITY, New South Wales, Australia, 2019.
  12. M. J. M. Dr. Rajashekhar Karjagi, "What can IoT do for healthcare," wipro, [Online]. Available: https://www.wipro.com/business-process/what-can-iotdo-for-healthcare-/#:~:text=IoT%20has%20applications%20in%20healthc are,physicians%2C%20hospitals%20and%20insurance%20companies.&text=They%20can%20track%20patients'%20adherence,connect%20with%20the%20pati. [Accessed 16 May 2022].
  13. ordr, "10 INTERNET OF THINGS (IOT) HEALTHCARE EXAMPLES," ordr, [Online]. Available: https://ordr.net/article/iot-healthcareexamples/. [Accessed 16 May 2022].
  14. P. M. O'Hara, "Internet of Things Risks in the Energy and Healthcare and Public Health Sectors of U.S. Critical Infrastructure," Utica College ProQuest Dissertations Publishing, Eisenhower Parkway, Ann Arbor, USA., 2019.
  15. H.-J. L. Pradeep Kumar, "Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey," Sensors, vol. 12, no. 01, pp. 55-91, 2011.
  16. N. S. N. B. A. C. David P. Paul III, "Healthcare Facilities: Another Target for Ransomware Attacks," in 54th Annual MBAA Conference, Chicago, USA, 2018.
  17. A.N. Bruno Kelpsas, "Ransomware in Hospitals: What Providers Will Inevitably Face When Attacked," The Journal of Medical Practice Management: MPM, vol. 32, no. 01, pp. 67-70, 2016.
  18. S. J. R. I. a. J. G. Mozammel Chowdhury, "Malware Detection for Healthcare Data Security," in International Conference on Security and Privacy in Communication Systems, Cham, Denmark, 2018.
  19. R. A. Noor Thamer, "A Survey of Ransomware Attacks for Healthcare Systems: Risks, Challenges, Solutions and Opportunity of Research," in 2021 1st Babylon International Conference on Information Technology and Science (BICITS), Babil, Iraq, 2021.
  20. K. K. Gagneja, "Knowing the ransomware and buildng defense against it - specific to healthcare institutes," in 2017 Third International Conference on Mobile and Secure Services (MobiSecServ), Miami, FL, USA, 2017.
  21. T. B. Ibrahim Nadir, "Contemporary cybercrime: A taxanomy of ransomware threats & mitigation techniques," in 2018 International Conference on Compting, Mathematics and Engineering Technologies (iCoMET), 2018.
  22. J. Pope, "Ransomware: Minimizing the Risks," National Library of Medicine, 01 December 2016. [Online]. Available: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC530071 1/. [Accessed 16 May 2022].
  23. D. P. I. A. C. Nikki Spence, "Ransomware in Healthcare Facilities: The Future is Now," in Academy of Business Research, Fall 2017, Atlantic City, New Jersey, USA, 2017.

Copyright @ 2026-2017 IRJIET. All Right Reserved.

Developed by Byzero Technologies