Trends in Malware Attacks against United States Healthcare Organizations, 2016-2017
DOI:
https://doi.org/10.31646/gbio.7Keywords:
Cyberattack, Healthcare, Malware, Trends, Threat, Ransomware, Hospitals, United StatesAbstract
Introduction: The healthcare industry has begun seeing a new hazard develop against them- the threat of cyberattack. Beginning in 2016, healthcare organizations in the United States have been targeted for malware attacks, a specific type of cyberattack. During malware incidents hackers can lock users out of their own network to gain access to information or to hold the organization for ransom. With the increase in medical technology and the need for access to this information to provide critical care, this type of incident has the potential to put patient lives and safety at risk. Methods: A content analysis was conducted to assess the trend of attacks on healthcare organizations. U.S. Healthcare IT News and Becker's Hospital Review were used to collect all publicly reported malware attacks against U.S. healthcare organizations between 2016 and 2017. A fault-tree diagram was also developed to illustrate how hackers gain access to a healthcare network using malware. Results: There were 49 cases of malware attacks against U.S. HCOs identified. The attacks occurred across 27 states, and they took place during 18 out of 24 months. Six of the organizations reported paying ransom, whereas 43 organizations did not pay or did not report payment to the press. Impacts of these attacks range from network downtime to patient and staff records being breached. Discussion: Malware attacks have the potential to impact care delivery as well as the healthcare facility itself. Even though this study identified 49 malware attacks, we know this number is significantly higher based on data from HIMSS and the FBI. A reporting loophole exists in that hospitals are only required to report attacks in the case of breached protected health or financial data. For HCOs to fully understand the risk cyberthreats pose, it is important for attacks to become public information and for lessons learned to be shared. Future research reviewing identified attacks could help identify best practices for the healthcare industry to better prepare for cyberattacks.
Published
2019-02-14
How to Cite
Branch, L. E., Eller, W. S., Bias, T. K., McCawley, M. A., Myers, D. J., Gerber, B. J., & Bassler, J. R. (2019). Trends in Malware Attacks against United States Healthcare Organizations, 2016-2017. Global Biosecurity, 1(1). https://doi.org/10.31646/gbio.7
Issue
Section
Research Articles
License
Copyright (c) 2019 The Author(s)
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Received 2018-11-06
Accepted 2019-01-23
Published 2019-02-14
Accepted 2019-01-23
Published 2019-02-14
