Abstract
SummaryRecently there have been several high-profile ransomware attacks involving hospitals around the world. Ransomware is intended to damage or disable a user’s computer unless the user makes a payment. Once the attack has been launched, users have three options: 1) try to restore their data from backup; 2) pay the ransom; or 3) lose their data. In this manuscript, we discuss a socio-technical approach to address ransomware and outline four overarching steps that organizations can undertake to secure an electronic health record (EHR) system and the underlying computing infrastructure. First, health IT professionals need to ensure adequate system protection by correctly installing and configuring computers and networks that connect them. Next, the health care organizations need to ensure more reliable system defense by implementing user-focused strategies, including simulation and training on correct and complete use of computers and network applications. Concomitantly, the organization needs to monitor computer and application use continuously in an effort to detect suspicious activities and identify and address security problems before they cause harm. Finally, organizations need to respond adequately to and recover quickly from ransomware attacks and take actions to prevent them in future. We also elaborate on recommendations from other authoritative sources, including the National Institute of Standards and Technology (NIST). Similar to approaches to address other complex socio-technical health IT challenges, the responsibility of preventing, mitigating, and recovering from these attacks is shared between health IT professionals and end-users.
Highlights
Rapid adoption of electronic health records (EHRs) has fundamentally changed the way health care organizations and clinicians care for patients, manage the hospital, account for health care quality, and bill for their services
A recent survey of 61 chief information officers, chief information security officers, and other IT director-level respondents conducted by HIMSS Analytics (Chicago, IL) found that more than half of them had been targets of ransomware attacks in the previous 12 months [7]
The goal of this paper is to provide recommendations to health care organizations (HCOs) on how to prevent and mitigate these malicious events
Summary
Rapid adoption of electronic health records (EHRs) has fundamentally changed the way health care organizations and clinicians care for patients, manage the hospital, account for health care quality, and bill for their services. A recent survey of 61 chief information officers, chief information security officers, and other IT director-level respondents conducted by HIMSS Analytics (Chicago, IL) found that more than half of them had been targets of ransomware attacks in the previous 12 months [7] Most of these organizations either a) fended off the attacks through intelligent use of network and user activity surveillance systems, b) were able to restore their critical systems from backups, or c) quietly paid the ransom. Reports of these events are generally leaked to the news media only after hospital operations are compromised for an extended period of time.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
