Mitigating the Effects of Ransomware Attacks on Healthcare Systems

TL;DR

This paper proposes a risk transference architecture for healthcare information systems that enhances security by relocating sensitive data outside the system boundary, addressing the challenges posed by ransomware threats.

Contribution

It introduces a novel system architecture that moves sensitive healthcare data outside the system boundary to improve security against ransomware attacks.

Findings

Enhanced data security through boundary relocation

Reduced risk of ransomware impact on healthcare data

Framework adaptable to various healthcare systems

Abstract

Healthcare information systems deal with a large amount of Personally Identifiable Information related to patients like dates of birth and social security numbers, patients health information and history, and financial information like credit card details and bank accounts. Most healthcare institutions purchase information systems from commercial vendors and have minimal inhouse expertise required to maintain these systems. Most institutions lack the expertise required to research evolving threats and maintain a tough security posture. We propose a risk transference based system architecture that moves sensitive data outside the system boundary, into data stores that are managed with stringent and efficient security protocols.