Cybercriminals have begun to target the healthcare industry with a type of malware called ransomware, malware that encrypts an infected device and any attached devices or network drives. After encryption, cybercriminals demand a sum of money, also known as a “ransom,” to release the devices from encryption. Without adequate disaster recovery and backup plans, many businesses are forced to pay the ransom. The purpose of this study was to determine the extent of recent ransomware infections in healthcare settings, the risk liabilities and cost associated with such infections, and to determine possible risk mitigation tactics. Financial costs associated with business recovery after ransomware attacks on healthcare facilities are significant and are growing rapidly in terms of both magnitude and scope. Other risks are loss of future business and reputation damage. The best plan of action is to have a proper business continuity and disaster plan with adequate data backups and to be more vigilant in educating employees as to the sources of ransomware attack in order to prevent potential attacks.
Spence, N., Paul III, D. P., & Coustasse, A. (2017, September). Ransomware in healthcare facilities: The future is now. Paper presented at the Academy of Business Research, Fall 2017 Conference. Atlantic City, NJ.