Research paper for Emerging threats and Countermeasure on Healthcare organization with ransomware Below are you need to cover and what is your role in the research. Background Methodology Data Analys

Running head: LITERATURE REVIEW 0

Threats on the U.S Health Care through Ransomeware

Student’s Name

Institutional Affiliation

Threats on the U.S Health Care through Ransomware 3

Background 3

Research questions 3

Research hypothesis 4

Methodology 4

Data analysis 4

Discussion 10

Conclusions 11

For the past years, healthcare organizations have experienced the far-reaching effect of ransomware. Ransomware is a computer algorithm that interferes with specific parts of personal data and informs that victim of the attack; with a digital message demanding payment of vast amounts of money; otherwise, the critical information is destroyed. Healthcare institutions such as Erie County Medical Center have fallen victims of ransomware. In 2007, the hospital lost access to almost 6,000 computers as a result of ransomware attack, which led to six weeks of physical operations and a revival procedure that in the end cost the health center $10M (Coventry & Branley, 2018). Such incidences led to an urgent need for implicit interventions and countermeasures to put an end to such acts in the future. However, little has improved even with the deployment of different anti-ransomware efforts (Coventry & Branley, 2018). The reasons for this failure are too many and complex. However, through a literature review, this paper will provide an understanding of the reasons behind the failure to mitigate the health threat of data privacy breach and the possible ways around the obstacles.

The main research question is: with the increased number of ransomware threatening the operational and reputational characteristics of the healthcare organizations in the U.S, what are the major causes for this threat and how can the problem be solved. The secondary question includes; to what extent have organizations and policies on privacy data protection helped healthcare organizations preserve the intact data privacy protection.

This project hypothesizes that with an effective security system, and increased investment in data privacy protection, the effects of ransomware can be significantly reduced.

The primary research method was literature review, which involved comparison of different studies on the factors that promote and encourage ransomware attacks. Also, the methodology involved assessing studies that focused on the available mitigation measures towards combating ransomware and improving quality of healthcare services and reliability.

In the article “Ransomware—Give Me Back My Files!” Adam C. Solander, Adam S. Forman, and Nathaniel M. Glasser (2019)opine that ransomware is on the rise in the American Healthcare sector and that organizations need to implement strategic measures towards combating the issue. The authors suggest that organizations are highly susceptible to attacks from cyber attackers by citing examples of healthcare institutions that have fallen prey to such crimes (Glasser, Solander & Forman, 2019). Healthcare organizations are at risk of losing critical information about their patients and the employees, and most importantly, their finance. Because these criminals target a wide range of institutions, the authors suggest that every healthcare organization need to put in place a comprehensive backup system that will enable them re-establish their data in cases of such events (Glasser, Solander & Forman, 2019). Also, training employees on ways of spotting cases of fraudulent activities is another countermeasure to combat the rising number of impacts of such threats.

Although the authors have not specified the research questions, it seems that the central question for their research is “what are the impacts of ransomware and the possible and effective ways of combating it among healthcare organizations” (Glasser, Solander & Forman, 2019). The research methodology also does not come out clearly, although it seems they used a qualitative research methodology. Since their study involved healthcare organizations, the data used majorly focused on healthcare institutions that have fallen victim of the same criminal offense. In conclusion, they managed to provide adequate data to support and answer their research question, using reliable evidence.

In “Health Care Held Ransom: Modifications to Data Breach Security & the Future of Health Care Privacy Protection,” Ryan M. Krisby investigates the factors that can be used to determine the future of healthcare data safety protection. He says that the level of compliance with the security measure across the healthcare sector is right. However, his concern is about the efficiency of the security measures and the policies that safeguard the safety of healthcare privacy protection. Through survey analysis, the author presents several instances where the security measures have failed to guarantee data protection across the healthcare sector. He notes that ransomware and other cyber-threats has only been on the rise, noting that "Over two years, economic losses to healthcare organizations from data security breaches ranged from less than $10,000 to well over $1 million” (Krisbyt, 2018). In the end, Krisby (2019) observes that with the strengthened ransomware protections, healthcare institutions have a strong need to modify their data security efforts. From the results of his study, one could see that the future of healthcare data privacy protection relies on the efficiency of the modifications to the current safety policies on ransomware.

Nikki Spence, David P. Paul III, and Alberto Coustasse, in “Ransomware in Healthcare Facilities: The Future is Now” found out that dangers linked to ransomware attacks on healthcare amenities consist of financial, prospect production failure and damage to name. Also, they hypothesized that healthcare facilities be supposed to have a disaster preparation with enough data backups and train human resources which are the usual sources of ransomware attacks (Spence, Paul III & Coustasse, 2017). That way, healthcare organizations will have created an adequate and potentially effective way of mitigating instances of ransomware and its associated impacts. However, their primary hypothesis was that in the event of a ransomware attack, hospitals might suffer significant profit loss if they are not prepared with adequate information technology resources and business continuity/disaster recovery policies (Spence, Paul III & Coustasse, 2017). The authors used a literature review research methodology, which involved the recognition of the factors of ransomware attacks and how these factors promote or discourage these attacks.

According to these authors, the number of ransomware has not only increased within the healthcare sector but also has gravely affected other sectors. Effective prevention and to escape additional risk factors from ransomware attacks, Spence et al. (2019), suggest that these organizations should begin implementing the mitigation measures now. Waiting for the future only calls for an increase in the risk factors that promote the spread of ransomware attacks and the associated impacts. However, the study had some limitations, most of which were on the research methodology; limited research strategy, lack of contemporary research on ransomware and the use of inadequate information to support the long-term influence of ransomware in healthcare (Spence, Paul III & Coustasse, 2017). However, the study has provided a critical overview of the possible factors that can be examined to understand ransomware and how negatively it is a threat to healthcare. Also, if left unmitigated, ransomware can grow to become a significant issue, due to its potential effects and possibilities.

Just like other authors on the same issue, Thomas B. Slayton argues that ransomware has increased terrorizing the healthcare sector for a long time and that the possibilities that it may reduce with new data privacy protection technologies are minimal. However, he provides a different approach in understanding and developing countermeasures to the issue of ransomware, which he terms as a "virus that has affected healthcare" (Slayton, 2018). According to his perspective, dealing with a problem begins with understanding the problem; hence; he provides the basics of ransomware, its history, and the potential mitigation measures. Also, apart from most authors who had previously focused on how ransomware affects healthcare organizations, Slayton focuses on the effects on the average consumers (Slayton, 2018). Despite the available policies on privacy protection, ransomware attacks seem intractable (Slayton, 2018). Therefore, it is a call to the federal government, especially Congress, to adjust security breach policies that will keep this type of threat at bay, for a long-term if not entirely.

Even though these attacks have significantly impacted the healthcare system; it is empirical to focus on other sectors that have experienced similar effects. That way, it is easier to compare the trends, similarity, and difference between the factors that promote and mitigate ransomware attacks across different fields. With a better understanding of many sides, designing ways to combat this common problem is most likely to bare productive and positive outcomes. According to Kumar et al. (2018), one of the sectors that have experienced consequences of ransomware attacks is the Industrial Control Systems (ICS). Due to its vulnerability and the extensive data it contains, the ICS has become one of the primary targets of ransomware attacks; a factor that has been primarily contributed by the increased availability and access to advanced technologies. The effect of the increasing cyber-attacks is far overreaching. As a mitigation measure, privacy control systems need to implement stronger algorithms to detect and counter such attacks before they cause devastating effects.

Hackers target healthcare for many reasons, the most common being the vulnerability of the organization and the potential gains these hackers anticipate getting. With the increase in electronic health records (EHR), cyber attackers see the healthcare sector as a goldmine with minimal security measures. These EHR keep personal information such as an address, healthcare plans, bank information, among other critical sat regarding the physicians and the patients (Chung, 2018). Adding to the vulnerability of healthcare organizations is the low investments in cybersecurity (Chen & Decary, 2019). As a significant step in combating these threats, hospitals need to start investing in cybersecurity. Improving the security systems will keep hackers at bay hence alleviated levels of data privacy protection. However, the risks and consequences will remain high.

Among the several ways of handling and reporting ransomware are the HIPPA strategies. Health Insurance Portability and Accountability Act (HIPPA) is a policy that provides healthcare organizations with plans for identification, segregation, and potential extermination of privacy breaches. In their article “Pirates of the PHI: Identifying and Responding to a Ransomware Attack according to HIPAA Best Practices,” Sheffield (2017) recommends that in cases of ransomware, following the HIPPA strategies are most likely to provide constructive outcomes. Admits that there is no single approach that has been established for dealing with cyberattack threats, especially ransomware, although working with the HIPPA policies can provide a wide array of options and measures (Sheffield, 2017). Nonetheless, healthcare organizations are encouraged to develop protection mechanisms to their databases, rather than waiting until the onset of a potential threat.

Ransomware is a sophisticated threat to the healthcare sector, and from the cases that have been reported since the first one shows that it has overreaching consequences. The consequences are not localized to the healthcare organizations only; even the average consumers experience the effects. From the literature review, several points can be noted (Chen & Decary, 2019). First, though it is not the only target for hackers, the healthcare sector has proved vulnerable to cyber attacks. The industry has placed more investment in EHRs but has not done so to cybersecurity and thus, the safety of the EHRs (Chen & Decary, 2019). As a result, it has continually been a victim of cyberattacks, with hackers getting away with a lump sum of capital, and aggregate data for the patients and employees of these organizations.

Despite the efforts implemented to protect these organizations from cyber attacks, little has improved in keeping cyber attackers at bay. As protection mechanisms are upgraded, the hackers come up with new techniques of getting away with their crimes. It is a dynamic system that requires progressive policies and strategies (Abbod et al., 2019). Healthcare organizations have done their best in complying with policies so far, but the question is; how effective these data privacy protection strategies are? The bodies responsible for drafting and monitoring the implementation of the safety protocols need to reconsider the significance of their efforts. Healthcare sector is a vital aspect of the economy and wellbeing which cannot be assumed (Abbod et al., 2019). Anything that threatens the efficiency of its services should be handled with the utmost precision and care. Ransomware has proved to be a significant threat to data privacy of not only the organization but also the average consumer, whom which the patients are the primary victims. Therefore, policymakers and the bodies responsible for protecting those policies such as the federal government and HIPPA need to level up their efforts in mitigating and eradicating ransomware, not only in healthcare but also in other sectors.

References

Abbod, M., Lors, A., Butt, U., Jahankhani, H., Jamal, A., & Kumar, A. (2019). Ransomware threat and its impact on SCADA.

Chen, M., & Decary, M. (2019). Artificial intelligence in healthcare: An essential guide for health leaders. Healthcare Management Forum, 084047041987312. doi: 10.1177/0840470419873123

Chung, M. (2018). A New Wave of Ransomware Is Coming This Fall (and You’re Probably Not Prepared). Journal Of Health Care Compliance.

Sheffield, J. (2017). Pirates of the PHI: Identifying and Responding to a Ransomware Attack According to HIPAA Best Practices. Benefits Law Journal, 30(4).

Chung, M. (2019). Avoid Getting Hit by Ransomware: Five Tips for Employees. Journal Of Health Care Compliance.

Coventry, L., & Branley, D. (2018). Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Maturitas, 113, 48-52. doi: 10.1016/j.maturitas.2018.04.008

Glasser, N., Solander, A., & Forman, A. (2019). Ransomware—Give Me Back My Files!. Employee Relations Law Journal, 42(2), 53-56.

Krisbyt, R. (2018). Health Care Held Ransom: Modifications To Data Breach Security & The Future Of Health Care Privacy Protection. Health Matrix: Journal Of Law-Medicine,, 28, 365-402.

Slayton, T. (2018). Ransomware: The Virus Attacking the Healthcare Industry. Journal Of Legal Medicine, 38(2), 287-311. doi: 10.1080/01947648.2018.1473186

Spence, N., Paul III, D., & Coustasse, A. (2017). Ransomware in Healthcare Facilities: The Future is Now. Academy Of Business Research, Fall 2017 Conference. Atlantic City, NJ..