A Socio-Technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks

Summary: Recently there have been several high-profile ransomware attacks involving hospitals around the world. Ransomware is intended to damage or disable a user’s computer unless the user makes a payment. Once the attack has been launched, users have three options: 1) try to restore their data from backup; 2) pay the ransom; or 3) lose their data. In this manuscript, we discuss a socio-technical approach to address ransomware and outline four overarching steps that organizations can undertake to secure an electronic health record (EHR) system and the underlying computing infrastructure. First, health IT professionals need to ensure adequate system protection by correctly installing and configuring computers and networks that connect them. Next, the health care organizations need to ensure more reliable system defense by implementing user-focused strategies, including simulation and training on correct and complete use of computers and network applications. Concomitantly, the organization needs to monitor computer and application use continuously in an effort to detect suspicious activities and identify and address security problems before they cause harm. Finally, organizations need to respond adequately to and recover quickly from ransomware attacks and take actions to prevent them in future. We also elaborate on recommendations from other authoritative sources, including the National Institute of Standards and Technology (NIST). Similar to approaches to address other complex socio-technical health IT challenges, the responsibility of preventing, mitigating, and recovering from these attacks is shared between health IT professionals and end-users.
