Trends in Malware Attacks against United States Healthcare Organizations, 2016-2017
Introduction: The healthcare industry has begun seeing a new hazard develop against them- the threat of cyberattack. Beginning in 2016, healthcare organizations in the United States have been targeted for malware attacks, a specific type of cyberattack. During malware incidents hackers can lock user...
| Main Authors: | , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
University of New South Wales
2019-02-01
|
| Series: | Global Biosecurity |
| Subjects: | |
| Online Access: | https://jglobalbiosecurity.com/articles/7 |
| _version_ | 1818664535865688064 |
|---|---|
| author | Lauren E Branch Warren S Eller Tom K Bias Michael A McCawley Douglas J Myers Brian J Gerber John R Bassler |
| author_facet | Lauren E Branch Warren S Eller Tom K Bias Michael A McCawley Douglas J Myers Brian J Gerber John R Bassler |
| author_sort | Lauren E Branch |
| collection | DOAJ |
| description | Introduction: The healthcare industry has begun seeing a new hazard develop against them- the threat of cyberattack. Beginning in 2016, healthcare organizations in the United States have been targeted for malware attacks, a specific type of cyberattack. During malware incidents hackers can lock users out of their own network to gain access to information or to hold the organization for ransom. With the increase in medical technology and the need for access to this information to provide critical care, this type of incident has the potential to put patient lives and safety at risk. Methods: A content analysis was conducted to assess the trend of attacks on healthcare organizations. U.S. Healthcare IT News and Becker's Hospital Review were used to collect all publicly reported malware attacks against U.S. healthcare organizations between 2016 and 2017. A fault-tree diagram was also developed to illustrate how hackers gain access to a healthcare network using malware. Results: There were 49 cases of malware attacks against U.S. HCOs identified. The attacks occurred across 27 states, and they took place during 18 out of 24 months. Six of the organizations reported paying ransom, whereas 43 organizations did not pay or did not report payment to the press. Impacts of these attacks range from network downtime to patient and staff records being breached. Discussion: Malware attacks have the potential to impact care delivery as well as the healthcare facility itself. Even though this study identified 49 malware attacks, we know this number is significantly higher based on data from HIMSS and the FBI. A reporting loophole exists in that hospitals are only required to report attacks in the case of breached protected health or financial data. For HCOs to fully understand the risk cyberthreats pose, it is important for attacks to become public information and for lessons learned to be shared. Future research reviewing identified attacks could help identify best practices for the healthcare industry to better prepare for cyberattacks. |
| first_indexed | 2024-12-17T05:34:17Z |
| format | Article |
| id | doaj.art-2bc3069933da48ff99ffadafe691f5d7 |
| institution | Directory Open Access Journal |
| issn | 2652-0036 |
| language | English |
| last_indexed | 2024-12-17T05:34:17Z |
| publishDate | 2019-02-01 |
| publisher | University of New South Wales |
| record_format | Article |
| series | Global Biosecurity |
| spelling | doaj.art-2bc3069933da48ff99ffadafe691f5d72022-12-21T22:01:39ZengUniversity of New South WalesGlobal Biosecurity2652-00362019-02-0111152710.31646/gbio.73Trends in Malware Attacks against United States Healthcare Organizations, 2016-2017Lauren E Branch0Warren S Eller1Tom K Bias2Michael A McCawley3Douglas J Myers4Brian J Gerber5John R Bassler6West Virginia UniversityThe City University Of New YorkWest Virginia UniversityWest Virginia UniversityWest Virginia UniversityArizona State UniversityUniversity of Alabama at BirminghamIntroduction: The healthcare industry has begun seeing a new hazard develop against them- the threat of cyberattack. Beginning in 2016, healthcare organizations in the United States have been targeted for malware attacks, a specific type of cyberattack. During malware incidents hackers can lock users out of their own network to gain access to information or to hold the organization for ransom. With the increase in medical technology and the need for access to this information to provide critical care, this type of incident has the potential to put patient lives and safety at risk. Methods: A content analysis was conducted to assess the trend of attacks on healthcare organizations. U.S. Healthcare IT News and Becker's Hospital Review were used to collect all publicly reported malware attacks against U.S. healthcare organizations between 2016 and 2017. A fault-tree diagram was also developed to illustrate how hackers gain access to a healthcare network using malware. Results: There were 49 cases of malware attacks against U.S. HCOs identified. The attacks occurred across 27 states, and they took place during 18 out of 24 months. Six of the organizations reported paying ransom, whereas 43 organizations did not pay or did not report payment to the press. Impacts of these attacks range from network downtime to patient and staff records being breached. Discussion: Malware attacks have the potential to impact care delivery as well as the healthcare facility itself. Even though this study identified 49 malware attacks, we know this number is significantly higher based on data from HIMSS and the FBI. A reporting loophole exists in that hospitals are only required to report attacks in the case of breached protected health or financial data. For HCOs to fully understand the risk cyberthreats pose, it is important for attacks to become public information and for lessons learned to be shared. Future research reviewing identified attacks could help identify best practices for the healthcare industry to better prepare for cyberattacks.https://jglobalbiosecurity.com/articles/7Cyberattack, Healthcare, Malware, Trends, Threat, Ransomware, Hospitals, United States |
| spellingShingle | Lauren E Branch Warren S Eller Tom K Bias Michael A McCawley Douglas J Myers Brian J Gerber John R Bassler Trends in Malware Attacks against United States Healthcare Organizations, 2016-2017 Global Biosecurity Cyberattack, Healthcare, Malware, Trends, Threat, Ransomware, Hospitals, United States |
| title | Trends in Malware Attacks against United States Healthcare Organizations, 2016-2017 |
| title_full | Trends in Malware Attacks against United States Healthcare Organizations, 2016-2017 |
| title_fullStr | Trends in Malware Attacks against United States Healthcare Organizations, 2016-2017 |
| title_full_unstemmed | Trends in Malware Attacks against United States Healthcare Organizations, 2016-2017 |
| title_short | Trends in Malware Attacks against United States Healthcare Organizations, 2016-2017 |
| title_sort | trends in malware attacks against united states healthcare organizations 2016 2017 |
| topic | Cyberattack, Healthcare, Malware, Trends, Threat, Ransomware, Hospitals, United States |
| url | https://jglobalbiosecurity.com/articles/7 |
| work_keys_str_mv | AT laurenebranch trendsinmalwareattacksagainstunitedstateshealthcareorganizations20162017 AT warrenseller trendsinmalwareattacksagainstunitedstateshealthcareorganizations20162017 AT tomkbias trendsinmalwareattacksagainstunitedstateshealthcareorganizations20162017 AT michaelamccawley trendsinmalwareattacksagainstunitedstateshealthcareorganizations20162017 AT douglasjmyers trendsinmalwareattacksagainstunitedstateshealthcareorganizations20162017 AT brianjgerber trendsinmalwareattacksagainstunitedstateshealthcareorganizations20162017 AT johnrbassler trendsinmalwareattacksagainstunitedstateshealthcareorganizations20162017 |