Introduction
Over the past decade, technological advances in electronic healthcare records (EHRs) have significantly transformed the medical industry at every level. Unfortunately, despite the positive impact of advances in patient-centric management systems, cyber-criminals have followed and made the data held by healthcare organizations a key target for malicious attacks (Al Qartah 2020, p. 10). According to a recent HIPAA estimate, Ransomware attacks cost healthcare providers over $20.8 billion between 2020 and 2021, making the prevention of these attacks a priority for healthcare networks and practices across the board (Al Qartah 2020, p. 12). By definition, Ransomware is software that denies victims access to vital data until a fee is paid to release that data. Usually, a Ransomware program encrypts information such as electronic healthcare records so that the target of the attack cannot decrypt it without the keys held by the attackers. Most often, Ransomware is delivered through enticing emails that urge users of the EHR systems to click on them (Al Qartah 2020, p. 20). These attacks are disastrous in healthcare because they disclose clients’ private information and result in financial losses. Today, most healthcare systems fall prey to Ransomware attacks because hospital facilities tend to run outdated software and old machines in their operations (Al Qartah 2020, p. 10). This document analyses Ransomware attacks in healthcare practice by examining the security vulnerabilities and threats associated with them, the techniques of attack, the existing solutions, and the challenges that healthcare organizations are likely to face if they implement those solutions.
Security Vulnerabilities and Threats
The healthcare sector has seen a surge in Ransomware attacks since the inception of patient-centric management systems. This is because healthcare organizations have the key factors that these criminals look for in a Ransomware target: money, an access point, and a critical use-case (Kiru and Jantan 2019, p. 10). Beyond these factors, healthcare organizations also face security vulnerabilities and threats that make them prey for Ransomware attacks, such as inadequate disposal of hardware, unrestricted access to computers, online medical devices (the Internet of Medical Things, IoMT), data storage in one locality, and the connection of personal devices to hospital networks by healthcare providers.
The key motivation for Ransomware attackers in the healthcare setting is financial. Ransomware attackers are looking for large amounts of money fast, so they target organizations such as hospitals, which they perceive to have enough funds to pay a ransom (Kiru and Jantan 2019, p. 15). To this end, the perpetrators create purpose-built software that cuts off users’ access to the computer systems and then demand a large ransom to let healthcare providers regain access to the information being held, including patients’ appointments and lab tests, X-ray images, medical information, and medical histories.
Easy access points also make healthcare organizations vulnerable to Ransomware attacks. To hold the information in a hospital’s electronic healthcare records (EHR) hostage, Ransomware attackers need an opening through which to enter the organization’s network (Kiru and Jantan 2019, p. 13). Many hospitals are under threat because they use on-premise networks, which leave them vulnerable to attack, especially as they age.
Hospitals store a lot of urgent and emergency information in their electronic management systems, and the majority of them rely on it to make decisions. This poses a threat because Ransomware attackers look for information that is urgently needed to help save a patient’s life and direct their attack at it (Kiru and Jantan 2019, p. 19). Most healthcare practices therefore tend to fall prey to Ransomware attacks because of the critical use-cases in the hospital’s patient-centric management systems.
Apart from the factors discussed above, healthcare organizations are also prone to Ransomware attacks because of security vulnerabilities and threats in their patient-centric management systems. These include:
- Inadequate Disposal of Hardware
When hospital facilities improperly dispose of hardware such as old terminals, hard drives, and other equipment used to access the EHR networks or credentials, they are at risk of Ransomware attacks: even after the information on these devices has been deleted, it can still easily be retrieved, meaning that anything the user previously saved on these systems remains exposed (Paul III et al., 2018, p. 17).
- Unrestricted Access to Computers
In some hospital facilities, computers tend to be easily accessible to all personnel, including unauthorized ones (Paul III et al., 2018, p. 16). If these open computers are connected to sensitive information about patients, unauthorized staff or malicious people in the area could easily find sensitive information that can be used for Ransomware attacks.
- Online Medical Devices (Internet of Medical Things (IoMT))
To operate effectively, patient-centric management systems tend to depend on online medical devices that hold sensitive patient information (Paul III et al., 2018, p. 23). However, the security of online medical devices is lacking, making them an easy target for hackers.
- Data Storage in One Locality
Most hospital settings are vulnerable to Ransomware attacks because patient data is stored in one locality in the electronic management systems (Paul III et al., 2018, p. 30). For instance, if payment and insurance information is stored in one locality in the EHR systems, then once Ransomware attackers get into the system they can easily access all the data they need, putting the healthcare setting at risk of ransom.
- Connection of Personal Devices by Healthcare Providers
Healthcare organizations tend to become vulnerable to Ransomware attacks when healthcare providers connect their own devices to the EHR systems (Paul III et al., 2018, p. 17). Healthcare facilities that allow employees to log into the hospital systems from their own devices do not always have security standards that these mobile devices must follow. This leaves the network vulnerable: even if the organization protects its systems from outside attacks, Ransomware attackers can use staff devices to reach the organization’s EHR systems (Paul III et al., 2018, p. 14). Once staff connect these devices to the organization’s systems, the hackers can obtain the network information and passwords of those systems, giving them a natural access point to the organization’s data.
Techniques to Attack
Ransomware is an ever-growing issue that has recently had a significant impact on healthcare systems, and Ransomware threats are bound to worsen in the coming years. By definition, Ransomware is a type of malicious software that cybercriminals use to block data owners from accessing their data (Beaman et al. 2021, p. 15). Ransom extortionists encrypt the files on the organization’s system and hold them hostage until the ransom demand is paid. To carry out Ransomware attacks, cybercriminals use three key methods: malicious email attachments, malicious email links, and silent infections from exploit kits (Beaman et al. 2021, p. 10). These tactics are used to spread multiple Ransomware variants through hospital networks. The Ransomware techniques include:
- Malicious Email Attachments
With malicious email attachments, the Ransomware attacker creates an email from a seemingly believable source, such as IT or Human Resources, and attaches a malicious file, such as a .JS file, a Portable Executable (PE) file, or a Word document (Beaman et al. 2021, p. 15). When the email reaches the recipient, the recipient opens it thinking that it has been sent from a trusted source (Beaman et al. 2021, p. 16). As soon as the file is opened, the Ransomware payload is downloaded without the user’s knowledge, the system becomes infected, and the files within the system are held for ransom.
- Malicious Email Links
As with malicious email attachments, Ransomware attackers also use malicious email links to carry out the attack. The malicious links tend to appear as URLs in the email body. These emails are usually sent in the name of a person or an organization that could be believed to be a trusted source (Beaman et al. 2021, p. 18). When clicked, the URL downloads malicious files over the web without the user’s knowledge, the system becomes infected, and the files are held for ransom.
- Exploit Kits
Exploit kits are sophisticated toolkits that exploit vulnerabilities. Often, an exploit kit is executed when a victim visits a site that has been compromised with Ransomware (Beaman et al. 2021, p. 15). The malicious code is hidden on the site, mostly in an advertisement (malvertisement), which redirects the visitor to the exploit kit’s landing page without the visitor noticing. Once the visitor has been directed to that page, a drive-by download of a malicious payload is executed, the system becomes infected, and the files are taken for ransom.
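The attachment and link delivery methods described above can be screened for during mail triage. The following is an added example, not part of the original document: it parses a constructed message with Python's standard email package and flags the attachment types named above, any executable hiding behind another file name, and every URL in the body for review. The function names, sample addresses and file names are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment types the section names as carriers, keyed by file extension.
RISKY_EXTENSIONS = {".js": "JavaScript file", ".exe": "PE executable",
                    ".dll": "PE executable", ".doc": "Word document",
                    ".docx": "Word document", ".docm": "Word document"}
# Leading bytes identify the real content even when the file name lies.
MAGIC = [(b"MZ", "PE executable"),
         (b"\xd0\xcf\x11\xe0", "Office OLE document")]  # legacy .doc container
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def sniff(payload):
    """Return the content type implied by the first bytes, or None."""
    for magic, kind in MAGIC:
        if payload.startswith(magic):
            return kind
    return None


def triage(raw):
    """Return (category, detail) findings for one raw email message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            payload = part.get_payload(decode=True) or b""
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            actual = sniff(payload)
            kind = actual or RISKY_EXTENSIONS.get(ext)
            if kind:
                findings.append(("risky-attachment", f"{name}: {kind}"))
            # A PE header behind a non-executable name is a strong signal.
            if actual == "PE executable" and ext not in (".exe", ".dll"):
                findings.append(("disguised-executable", name))
        elif part.get_content_type() in ("text/plain", "text/html"):
            findings.extend(("link", u) for u in URL_RE.findall(part.get_content()))
    return findings


def build_sample():
    """Constructed message: trusted-looking sender, one link, three files."""
    msg = EmailMessage()
    msg["From"] = "IT Support <it-support@example.invalid>"
    msg["To"] = "nurse@example.invalid"
    msg["Subject"] = "Action required: EHR password reset"
    msg.set_content("Reset your password at http://ehr.example.invalid/reset today.")
    msg.add_attachment(b"// constructed placeholder, no real code\n",
                       maintype="application", subtype="javascript",
                       filename="update.js")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="pdf", filename="lab_results.pdf")
    msg.add_attachment(b"\xd0\xcf\x11\xe0" + b"\x00" * 60,
                       maintype="application", subtype="msword",
                       filename="schedule.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    for category, detail in triage(build_sample()):
        print(f"{category:22} {detail}")
```

Links are listed for review rather than judged; a real deployment would compare them against the organization's own allow-list or reputation source.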
The techniques that Ransomware attackers use make organizations in healthcare settings vulnerable to these attacks, which means that any healthcare organization can be the next victim (Beaman et al. 2021, p. 9). As a result, to overcome the effect of Ransomware attacks, organizations ought to stop the attack from ever entering the organization. To do this effectively, healthcare organizations are encouraged to identify and deal with the factors that influence the success of Ransomware attacks (Beaman et al. 2021, p. 10). These factors include, but are not limited to, phishing emails/spam, weak passwords, lack of funding for Information Technology (IT) security solutions, poor user practices, and lack of executive buy-in for the adoption of security solutions.
- Phishing Emails/Spam
Healthcare organizations can easily be attacked by Ransomware attackers using emails and spam (Al Qartah 2020, p. 10). These emails often urge one to act quickly to determine whether the email request is legitimate. Healthcare providers in charge of managing the EHR systems tend to fall prey to phishing emails/spam because these have enticing titles that make system users want to check the email contents (Al Qartah 2020, p. 15). Opening these emails and spam contributes to the success of Ransomware attacks.
- Weak Passwords
Although healthcare organizations may reason that allowing employees to use weak passwords helps them remember their credentials for the various patient-centric management systems, doing so is a disservice to the organization because it gives cyber attackers a high probability of success in executing Ransomware attacks (Al Qartah 2020, p. 13).
- Lack of Funding for Information Technology (IT) Security Solutions
Despite establishing the Electronic Healthcare Record (EHR) system, most healthcare organizations do not have enough funding to ensure that these systems are well guarded using strong security solutions (Al Qartah 2020, p. 12). This makes the systems easy to hack, contributing to the success of Ransomware attacks.
- Poor User Practices
Regardless of the implementation of electronic healthcare record systems in the hospital setting, some staff using these systems have not been well trained in how to use them effectively (Al Qartah 2020, p. 10). This results in poor user practices, including failing to use the right strategy to save information on the system and connecting their devices directly to the system, which contribute to the success of Ransomware attacks.
- Lack of Executive Buy-in for Adoption of Security Solutions
In some healthcare facilities, organization executives may not support the adoption of security solutions (Al Qartah 2020, p. 8). This makes it difficult to tighten security in the organization and exposes it to the risk of Ransomware attacks.
Existing Solutions for the Threat
Protection against Ransomware in healthcare organizations requires many layers of defense. The National Institute of Standards and Technology (NIST) gives organizations guidelines which, if followed closely, help protect them from Ransomware threats (Davies et al., 2020, p. 30). Some of the solutions given by NIST that organizations can follow to protect themselves from potential Ransomware attacks are:
- Identify and Fulfill the Cyber-Security Needs of the Organization
To protect itself from Ransomware, a healthcare organization should strive to determine its cyber-security risks and needs so that it can effectively manage the scope of its assets, systems, data, and capabilities. With this understanding, the organization should determine which processes or systems are likely to be targeted in a Ransomware attack and what impact the attack would have, and then tighten the cyber-security of all its data, systems and capabilities to protect itself from Ransomware attacks (Davies et al., 2020, p. 34).
- Conduct Cyber-Awareness Training in the Organization
Cyber-security awareness training is vital in protecting the organization against Ransomware. This training ought to instruct employees not to click on malicious links or open unexpected attachments, and to avoid exposing personal data to phishers (Davies et al., 2020, p. 36). The training should also teach staff in the hospital facility the importance of verifying the legitimacy of software before downloading it and of not plugging unknown USB devices into the computers that hold the organization’s EHR systems.
- Having a Robust Data Backup
The aim of Ransomware is to force victims to pay a ransom in order to regain access to data that has been taken by the attackers (Davies et al., 2020, p. 30). However, this goal can only be achieved if the target loses access to its data and has no backup that it can use after the attack. A good way for healthcare organizations to secure data is to have a backup solution that mitigates the effect of a Ransomware attack (Davies et al., 2020, p. 37). If healthcare organizations back up their systems often, the data lost to a Ransomware attack will be small or non-existent.
- Establishing a Strong and Secure User Authentication
Another solution that organizations can use to defend and protect themselves from potential Ransomware attacks is establishing strong and secure user authentication. Enforcing a strong password policy that requires multi-factor authentication can help prevent remote access to the organization’s systems using stolen or guessed login details, which helps keep the organization safe from Ransomware attacks (Davies et al., 2020, p. 29).
No single technology can serve as a solution to Ransomware. To defend and protect themselves against potential Ransomware attacks, hospital facilities ought to use a combination of solutions (Davies et al., 2020, p. 33). Multi-factor authentication is one of the solutions that serve as a defense against Ransomware.
Drawbacks and Possible Enhancements of the Existing Solutions for the Threat
While securing healthcare organizations against the risk of Ransomware attacks is critical, certain drawbacks are linked to some of the solutions that keep these organizations secure. One of the main drawbacks of implementing the existing solutions is the high cost of fulfilling the organization’s cyber-security needs, training staff in cyber awareness, and establishing strong and secure user authentication (Pope 2016, p. 34). The other key drawback is that backing up data consumes a lot of storage space over time. Backing up data to address Ransomware attacks also takes a lot of time and financial investment to complete (Pope 2016, p. 35). Therefore, although backing up data is highly beneficial in helping healthcare organizations protect their data from Ransomware attacks, it is quite expensive and time-consuming, and can be considered a key drawback in ensuring protection against Ransomware attacks.
While this may be a critical drawback, specific enhancements can be made to the process of data backup. These include avoiding wasting time and resources on the wrong type of data and making sure that data is backed up effectively (Pope 2016, p. 34). Besides enhancing the backup solution, the healthcare organization should establish a comprehensive backup strategy. When creating that strategy, healthcare organizations should also pay attention to regular testing of the backup systems (Pope 2016, p. 36). Testing the backup systems gives healthcare organizations an idea of how long it will take to restore the data. In the event of a Ransomware attack, the organization can then retrieve the data required in emergencies quickly, without considering paying the ransom.
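A restore test of the kind described above can be automated. This added example, not part of the original document, restores a backup archive into a scratch directory, checks every file against a SHA-256 manifest taken at backup time, and reports how long the restore took; the function names, the `rto_seconds` target and the sample files are assumptions made for illustration.

```python
import hashlib, os, tarfile, tempfile, time


def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def make_backup(src_dir, archive_path):
    """Archive src_dir; return a manifest {relative path: SHA-256}."""
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for root, _dirs, files in os.walk(src_dir):
            for name in sorted(files):
                full = os.path.join(root, name)
                rel = os.path.relpath(full, src_dir).replace(os.sep, "/")
                manifest[rel] = sha256_file(full)
                tar.add(full, arcname=rel)
    return manifest


def restore_test(archive_path, manifest, rto_seconds):
    """Restore into a scratch directory, verify each file, time the run."""
    started = time.monotonic()
    restored = {}
    with tempfile.TemporaryDirectory() as scratch:
        base = os.path.realpath(scratch)
        with tarfile.open(archive_path, "r:gz") as tar:
            for member in tar:
                target = os.path.realpath(os.path.join(base, member.name))
                # Skip non-files and any path that escapes the scratch dir.
                if not member.isfile() or not target.startswith(base + os.sep):
                    continue
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as out:
                    out.write(tar.extractfile(member).read())
                restored[member.name] = sha256_file(target)
    seconds = time.monotonic() - started
    return {
        "seconds": seconds,
        "within_rto": seconds <= rto_seconds,  # hypothetical restore-time target
        "missing": sorted(set(manifest) - set(restored)),
        "corrupt": sorted(p for p, h in restored.items()
                          if p in manifest and manifest[p] != h),
    }


def demo():
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "ehr_export")
        os.makedirs(os.path.join(src, "labs"))
        samples = {"patients.csv": b"id,name\n1,CONSTRUCTED\n",
                   "labs/results.csv": b"id,value\n1,4.2\n"}
        for rel, data in samples.items():
            with open(os.path.join(src, rel), "wb") as fh:
                fh.write(data)
        archive = os.path.join(work, "backup.tar.gz")
        manifest = make_backup(src, archive)
        good = restore_test(archive, manifest, rto_seconds=60)
        # Simulate drift: one file the archive lacks, one whose hash differs.
        expected = dict(manifest, **{"appointments.csv": "0" * 64,
                                     "patients.csv": "f" * 64})
        bad = restore_test(archive, expected, rto_seconds=60)
        return good, bad


if __name__ == "__main__":
    for report in demo():
        print(report)
```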
Challenges in the Future
Healthcare organizations that reinforce the Ransomware solutions described above will face particular challenges in the future. These challenges mostly revolve around having a robust data backup system. Some of these challenges include:
- Data Storage Limitations
In the future, the physical limitations of data storage may result in challenges, especially when external hard drives and servers are used (Thamer and Alubady 2021, p. 215). Running into storage limitations implies that when backing up data for future purposes, one needs to choose which data gets backed up and which does not.
- The Unreliability of Manual Backup
In the future, the organization is likely to face manual backup issues. Manual backup is always a weakness in an organization’s disaster and data backup solution (Thamer and Alubady 2021, p. 220). This is because the staff who are currently in charge of backing up the organization’s information through servers and external hard drives may take jobs in other organizations, which brings a lot of risk to the manual solution.
- Timeliness of Data Backups
In the future, the organization is likely to have issues with the timeliness of its data backups. Even though some organizations are likely to have appropriate storage and execute manual backups on schedule, they may still stumble over timeliness. Timeliness can also be affected by an irregular schedule of backing up data (Thamer and Alubady 2021, p. 230). To deal with this challenge in the future, organizations need to increase the frequency of their data backups. Otherwise, they may find themselves in situations where they have not backed up data that is needed later and lose data that is quite critical.
- Uncertainty
The other challenge an organization may encounter with backing up data in the future is the uncertainty of what may happen to this data (Thamer and Alubady 2021, p. 235). Uncertainty here covers an extensive range of risk factors related to data recovery and an organization’s data backup. It implies that even though an organization has a data recovery or backup plan in place, it is not certain that the plan will work properly when it is needed.
Apart from data backup, another challenge that is likely to come up in the future is training. Technology advances with time, and therefore, despite training employees on how to use the existing EHR systems and instructing them not to click on malicious links or open unexpected attachments and to avoid exposing personal data to phishers, organizations might be forced to conduct more training in the future (Thamer and Alubady 2021, p. 240). This is because not only will the EHR systems advance, but Ransomware attackers may also come up with new ways of holding an organization’s data hostage. This may force the organization to retrain its staff to help them understand the new ways in which they can protect the organization from Ransomware attacks (Thamer and Alubady 2021, p. 250). Moreover, the organization may also need to train its staff in the future because it is bound to have hired more staff who may not know how to deal with a Ransomware attack. Retraining employees may be a challenge because it will force the organization to spend more money to plan and conduct the training.
In conclusion, Ransomware attacks have proved to be a colossal threat because they significantly affect the electronic healthcare records in healthcare settings: they disclose clients’ private information and result in financial losses. As such, healthcare organizations have to deal with Ransomware attacks to protect the organization’s information.
References
Al Qartah, A., 2020. Evolving Ransomware Attacks on Healthcare Providers (Doctoral dissertation, Utica College).
Beaman, C., Barkworth, A., Akande, T.D., Hakak, S. and Khan, M.K., 2021. Ransomware: Recent advances, analysis, challenges and future research directions. Computers & Security, 111, p.102490.
Davies, S.R., Macfarlane, R. and Buchanan, W.J., 2020. Evaluation of live forensic techniques in ransomware attack mitigation. Forensic Science International: Digital Investigation, 33, p.300979.
Kiru, M.U. and Jantan, A.B., 2019. The Age of Ransomware: Understanding Ransomware and Its Countermeasures. In Artificial Intelligence and Security Challenges in Emerging Networks (pp. 1-37). IGI Global.
Paul III, D.P., Spence, N., Bhardwa, N. and PH, C.D., 2018. Healthcare facilities: another target for ransomware attacks.
Pope, J., 2016. Ransomware: Minimizing the risks. Innovations in clinical neuroscience, 13(11-12), p.37.
Thamer, N. and Alubady, R., 2021, April. A Survey of Ransomware Attacks for Healthcare Systems: Risks, Challenges, Solutions and Opportunity of Research. In 2021 1st Babylon International Conference on Information Technology and Science (BICITS) (pp. 210-216). IEEE.