Mitigating the Effects of Ransomware Attacks on Healthcare Systems
This addresses security vulnerabilities in healthcare systems handling sensitive patient data, but appears incremental as it builds on existing risk management concepts.
The paper tackles the problem of ransomware attacks on healthcare systems by proposing a risk transference architecture that moves sensitive data outside the system boundary into secure data stores, though no concrete results or numbers are provided.
Healthcare information systems deal with a large amount of Personally Identifiable Information related to patients like dates of birth and social security numbers, patients health information and history, and financial information like credit card details and bank accounts. Most healthcare institutions purchase information systems from commercial vendors and have minimal inhouse expertise required to maintain these systems. Most institutions lack the expertise required to research evolving threats and maintain a tough security posture. We propose a risk transference based system architecture that moves sensitive data outside the system boundary, into data stores that are managed with stringent and efficient security protocols.