Examining the Risk Factors for Hospital Ransomware Attacks: A Qualitative Study

Author

Cedric L. Truss, Medical University of South Carolina

Date of Award

2017

Embargo Period

8-1-2024

Document Type

Dissertation

Degree Name

Doctor of Health Administration

College

College of Health Professions

First Advisor

Jillian B. Harvey

Second Advisor

Mark Mellott

Third Advisor

Trudie F. Milner

Fourth Advisor

James S Zoller

Abstract

Ransomware attacks have started to affect the hospital industry and cause major disruptions in operations. There are at least five successful ransomware attacks that have affected hospitals. The only way they were able to regain access to their systems were to submit payment via bitcoin to the entity that conveyed the ransom or recover their systems from backups. In this study, we identified risk factors from published reports for hospital ransomware attacks. This study employed a qualitative review of published news articles and reports that discussed the events of the ransomware attacks. This exploratory method is appropriate for new and emerging topics and used to compare written text to established guidelines or models. We used the NIST Cyber Security Framework to code content and analyze information from journal articles, memos, blogs, research studies and white papers that contained information reported by the hospitals. Hospitals and media reports were not transparent in reporting detailed information surrounding the events of ransomware attacks. Overall, study results demonstrate that there are risk factors for hospitals to become targets for ransomware attacks.

Recommended Citation

Truss, Cedric L., "Examining the Risk Factors for Hospital Ransomware Attacks: A Qualitative Study" (2017). MUSC Theses and Dissertations. 346.
https://medica-musc.researchcommons.org/theses/346

Rights

All rights reserved. Copyright is held by the author.