Comments from Prof:
You have got to begin chapter 2 with your theory and then bring in ransomware. You need to discuss each construct in detail for your deterrence theory and Protection Motivation theory and then relate to ransomware.
Comments marked in red
HEALTHCARE’S VULNERABILITY TO RANSOMWARE ATTACKS
By: Abhilash Tati
A Dissertation submitted to:
Date of submission: 09/29/2021
Supervised by: Dr. Mary Lind
Table of Contents
Purpose of the Study
Search strategy
Literature review
Deterrence theory
Coping mode
Ransomware Lifecycle Attack
The Primary Vector of Attack:
Secondary vector attack: Remote desktop protocol
Ransomware targeted
Ransomware Healthcare Violations
Healthcare’s Cybersecurity Challenges
Implications of healthcare Ransomware
Testing review
Specific Ransomware Strains
Healthcare Ransomware Mitigations Strategies
Save and Recovery
Plan of Incident Response
Disappointment Technologies
Sharing of Threat Intelligence
Segmentation of the network
Security of Email
Authentication of multi-factor
Management of vulnerability
Methods of Detection and Analysis
Health is the main objective of the ransom program.
Experts dread the consequences of intensive care.
The attack surface is becoming larger.
Effects of Ransomware on health system operations
Paying Ransomware Attack Responsibility
Additional analysis
Ransomware is classified as the latest safety violation, which has had a substantial effect on patient care. Healthcare has always been a lucrative target for cyber thieves, who use misconfigured cloud storage and phishing e-mails to target personal health information (PHI), which is far more valuable on the black market than any SSN or credit card credentials. In addition, mobile devices and laptops were the leading sources of information violations, accounting for roughly 75 percent of the total individual infringements, around 30 percent of overall infringements of business associates, and 33 percent of violations in covered businesses. This article examines ransomware assaults in terms of the effects of an attack, the vulnerabilities exploited, and the measures taken by the organization (Agale, 2020).
Ransomware is malicious software meant to block or disable access to a computer system until a sum of money is paid. The hackers demand a ransom for the victims’ files. This essay explores how ransomware attacks function, how they disrupt the day-to-day operations of health systems, who is accountable, and strategies to reduce them. Since 2005, ransomware has been the unavoidable cyber menace. Most purposes invite the hacker to gain innocently?? What does this mean? (Ahmed et al., 2019). The hacker does this by moving?? Moving??? a webpage or mail, and the target opens it. Then the hacker inserts the Ransomware virus via malicious code, which infects the machine and displays a message that the victim’s archives are being held and will only be released for a ransom.
Research Question: To what extent is the healthcare system vulnerable to ransomware attacks?
Ransomware has emerged as one of the most severe dangers to enterprises’ routine commercial operations. Healthcare institutions are particularly vulnerable to ransomware attacks due to the limits imposed by time constraints, limited resources, and continuity requirements. For example, as the population ages and grows larger, healthcare facilities must care for an increasing number of patients. Increased patient volume implies shorter time limits for individual patients and a lower tolerance for downtime and interruption (Ahmed & Ullah, 2017). As a result, IT teams attempt to accomplish more with fewer resources while operating costs continue to rise. In addition, budget constraints limit the resources available for enhancing security outcomes and adopting an organization-wide holistic approach to security.
Additionally, the proliferation of specialized care facilities within and between organizations requires providers to ensure patient continuity of care and data integrity. These limits amplify the impact of a ransomware assault. Interruptions in healthcare are not merely an annoyance; they can be life-threatening. As a result, we believe it is critical to examine the healthcare business in light of the ransomware threat and develop recommendations for prevention, detection, and mitigation to assist healthcare practitioners and enhance patient outcomes.
Purpose of the Study
The purpose of this paper is to highlight ransomware’s threat to healthcare and how healthcare systems should protect themselves against attacks by ransomware.
You should state your research question here.
The chapter will have five major parts: theory and models, literature review, testing review, contribution and recommendation, and finally, the conclusion.
Search strategy
You need to discuss how you will use the theory on deterrence and protection motivation theory as part of your search strategy
We began our investigation by gaining a basic understanding of ransomware. What distinguishes ransomware as a distinct threat? Following that, we investigate the ransomware infection process in greater depth to better understand the exploitation lifecycle. How can ransomware leverage vulnerabilities to inflict such widespread damage in such a short period? Following that, we look at the particular computing security concerns faced by the healthcare business. How can constrained resources, short time limits, and continuity requirements in healthcare delivery influence users’ behaviour? Next, we delve deeper into how ransomware uses these particular computing security problems to enhance its effects and enable attackers to extract increasing sums from healthcare providers. Why are healthcare organizations such common targets for ransomware attacks? Following that, we delve into numerous individual ransomware strains to provide a context for our findings. What does the data indicate? Finally, we apply our findings to provide tactics for ransomware prevention, suggest detection and analysis approaches, and suggest solutions to aid in mitigation and recovery efforts. How can we contribute to the reduction of ransomware’s impact on healthcare?
You need your theory in here = deterrence and protection motivation theory – every paragraph should relate to these theories – first introduce the theories and then relate ransomware to the theories.
What is ransomware, and how does it work?
Ransomware is a form of malware that encrypts and modifies file data and metadata on a computer system. Victims are left with useless files and a demand for payment of a specified “ransom,” typically in cryptocurrency, to return their data and metadata to their previous condition. This form of attack is a variation on an age-old ruse in which robust technology is used to exploit human insecurities, such as fear, to cause the victim significant operational and financial consequences (Ahmadian, 2016). Ransomware has become increasingly prevalent in recent years as hackers have increased their technological capabilities and have continued to be rewarded for their efforts.
Individual users and multibillion-dollar organizations are all susceptible to ransomware assaults. However, these attacks appear particularly concerning for healthcare providers, who rely primarily on quick access to virtual communication networks, electronic health records, and various administrative information systems to function successfully. Additionally, there is no guarantee that the “ransom” payment will completely restore access or data. Due to the substantial operational expenditures that healthcare providers must bear, most victims of ransomware attacks choose to pay the ransom as soon as feasible (Attaran, 2020). Providers are willing to accept a lump-sum ransom payment and fines for data breaches in exchange for the potential of avoiding even higher fines and considerable reputational harm caused by disastrous patient outcomes.
According to Ayala (2016), ransomware is harmful software employed by cyber-criminals that infects computers and makes the user’s files or systems inaccessible until the ransom payment is paid. In essence, ransomware can control the system or resources of the victim and block user access. The researchers categorized ransomware into two categories: data resource denial and non-data resource denial. You believe this is the first taxonomy to consider all kinds of ransomware and allocate each one to a category.
Data resource denial. This is a category of ransomware that limits access to the organization’s files and requires a ransom payment to recover the encrypted files. Ransomware takes encryption methods designed to safeguard data against unauthorized access, uses them to encrypt valuable data, and then requests a ransom to decrypt it (Beavers & Pournouri, 2019). This is known as crypto-ransomware and is frequently characterized as symmetric, asymmetric, or hybrid, by the type of encryption used.
Symmetric crypto-ransomware uses the same key for encryption and decryption. The advantage of this strategy is that the attack may be carried out quickly. A significant downside of symmetric key encryption is the necessity of incorporating the key into the malware file, where security researchers can uncover it (Bhuyan et al., 2020).
Asymmetric crypto-ransomware uses different keys for encryption and decryption. This strategy is also referred to as public-key encryption. This encryption technique relies on a private key owned only by the attacker (the ransomware owner). The public key encrypts the files, but the private key is needed to decrypt and restore them. The apparent advantage of public-key encryption is that the key needed for decryption is held elsewhere (on the attacker’s machine) rather than on the victim’s PC.
Just a list of ransomware with no discussion of the theory of deterrence.
Hybrid crypto-ransomware is a tactic in which malware authors mix symmetric and asymmetric methods of encryption. It employs symmetric encryption to encrypt the user’s files as rapidly as feasible, and then encrypts the symmetric key with asymmetric encryption. TorrentLocker, noted for adopting RSA and AES encryption methods, is a crypto-ransomware example. Gpcode is another example that encrypts files with an individual AES-256 key and then encrypts that key with a public 1024-bit RSA key (Branch et al., 2019).
Non-data resource denial. This form of ransomware is less effective against victims than data resource denial because it prevents the victim from accessing the device but keeps the user’s files intact. Simply put, the information is not manipulated or deleted. One class found in this category is Locker ransomware, which locks the victim out of her device and stops her from using it. The Locker ransomware typically focuses on computers or cloud storage that contains sensitive data for mobile, Internet of Things, and industrial control devices. Medical Internet of Things devices are appealing targets for such attacks in the health and emergency sectors. Reveton is an example of Locker ransomware, known to lock computers by preventing users from signing in and presenting a false message from the FBI saying that PCs are involved with criminal internet activities (Brewer, 2016). Trojan.RansomLock.G is another example that locks the user’s screen and shows a whole ransom letter. Locker ransomware frequently locks the computer’s desktop, making it unusable.
Cyber-attacks are becoming more common in the healthcare industry, which can cause delays or disruptions in patient care in some cases. In some cases, attackers are interested in the ransom or cash generated by selling medical data. In other instances, they impede a patient’s treatment. About 13,236,569 files were affected in 2018 alone due to violations and cyber threats (Collier, 2017). Every medical record on the market costs $50-$60. Therefore, the translation of violated data into monetary values would mean around $728,011,295, which is extremely large. The cost to patients is not statistically mentioned, as patient losses go beyond financial considerations.
In 1989, the first ransomware attack on healthcare information systems was disclosed. Joseph Popp, a Ph.D. Becker’s Hospital Review reports that the hack targeted HIV/AIDS researchers in more than 90 nations. AIDS researchers spread the information by releasing 20,000 floppy disks with a computer program and a questionnaire purported to estimate an individual’s risk of contracting AIDS (Coventry, 2018). Regrettably, the disks were also infected with a ransomware variant known as the AIDS Trojan. The AIDS Trojan infiltrated computers invisibly and remained dormant for up to 90 restart cycles. After the 90th restart, a ransom payment demand was shown, requesting $189 and $378 from the user.
It has been 30 years since the AIDS Trojan first presented a hazard to healthcare professionals. Over this period, attackers’ capabilities have increased enormously. Today’s attackers use encryption methods that are equal to those used by governments and the military. Modern delivery mechanisms enable attackers to target users worldwide. The proliferation of networked devices allows attackers to zero in on specific targets, devise unique exploitation tactics, and rapidly scale the attack to generate enormous leverage for extorting a ransom payment. Due to the creation and recent accessibility of bitcoin, criminals can preserve some level of anonymity while demanding a ransom from their victims (Celdrán et al., 2020). To battle the ransomware threat to essential healthcare services, it is critical to understand the infection’s nature better and develop prevention, detection, and mitigation measures.
As Vance & Siponen (2012) discussed, the constructs of deterrence theory include threat appraisals and coping appraisals. Both the constructs incorporate habit and intention. Deterrence theory has long been seen to be a helpful notion for preventing attacks. Rewards (or benefits) are one of the three threat appraisal variables, and they result in any inner or extrinsic reason for expanding or maintaining an unwelcome behaviour, in this case, an employee’s noncompliance with information security policies.
Intrinsic and extrinsic rewards raise the likelihood of a maladaptive response, whereas perceptions of threat severity and vulnerability reduce the possibility of such a response. Physical or psychological pleasure and peer approbation are factors that raise the likelihood of a maladaptive reaction (Ophoff et al., 2019). The authors state denial and revenge complement a larger strategy that includes resistance, resilience, and response. Vulnerability refers to the likelihood of an unpleasant incident occurring if no steps are made to prevent it.
One of the founders of criminology’s deterrence theory, Jeremy Bentham, presupposes rational individuals capable of undertaking cost-benefit analyses before acting. The third wave cast doubt on the analytical actor model, an essential foundation of deterrence theory, suggesting that groupthink, misunderstandings, and bureaucratic politics frequently trumped cost-benefit assessments. The issue of deterrence signalling determines the other side’s rationale because rationality is subjective (Vance & Siponen, 2012). In addition, cost-benefit analysis necessitates sentencing clarity and predictability, as well as proportionality between punishment and violation.
Ambrose et al. addressed the target for deviation in a second area. Previously, there was a distinction between the structural and social types of biases in the literature on organizational justice. The organization has admitted that structural forms of injustice (distributive and procedural) exist, while interpersonal, informational interactions between supervisors and subordinates produce social counterparts. According to studies, the deviation goal corresponds to the perceived source. Ambrose et al. put this theory to the test in their study. It is expected that the objectives of organizational or individual sabotage activities would be consistent with the perceived cause of injustice that could be structural (only distributive injustice) or social (interpersonal and informational). Later on, the idea was verified, but the connection between the source and the organizational objectives was more robust than the source and individual objectives. It was important to back up Ambrose et al.’s findings with the subsequent study (Vance et al., 2012). Several studies have demonstrated that injustice can predict the type and intent of organizational deviation. Chacko & Hayajneh (2018) discovered that interpersonal, and information injustice perceptions caused a more significant variance in distributed and procedural unfairness in the counterproductive workplace conduct directed towards a supervisor than perceptions of distributed and procedural injustice. Furthermore, the study discovered that procedural fairness explained greater diversity in the organizational behaviour of unproductive workplaces than distributive and interactional injustices (D’arcy & Herath, 2011). The previous researchers had an intent to develop the motive behind ransomware attacks and how the behaviour at work affects the ability to handle ransomware attacks.
Protection motivation theory
According to PMT, habit is referred to as a pattern of behaviour. According to habit theory, many actions are performed without conscious deliberation because people are used to doing them; often, repeated behaviour is more governed by situational signals than conscious decision making. Ransomware has emerged as one of the most severe security concerns facing both businesses and individuals. Ransomware authors are increasing the sophistication of their attacks as technical remedies are developed. A mix of technical and behavioural interventions is required (Boss et al., 2013). Using protection motivation theory (PMT) as a theoretical underpinning, this study explores computer users’ incentive to take security measures against ransomware. We used a survey methodology and gathered data from 118 persons (Ophoff et al., 2019). Our study supports various aspects of the protection motivation theory in this setting using partial least squares structural equation modelling. These include fear-mediated perceptions of danger intensity and threat vulnerability. Self-efficacy is an essential coping component. Both maladaptive rewards and response cost significantly influence protection drive. The findings support the use of fear appeals and PMT in the context of ransomware threats to influence protective motivation in healthcare ransomware.
You cannot introduce hypotheses without discussing each of the constructs in terms of ransomware – that should be done above. You need a section on User habit
To what extent is the healthcare system vulnerable to ransomware attacks?
User’s Habit positively influences vulnerability.
User’s Habit positively influences perceived severity.
User’s Habit negatively influences rewards.
User’s Habit positively influences response efficacy.
User’s Habit positively influences self-efficacy.
User’s Habit negatively influences response cost.
Vulnerability positively affects employees’ intention to comply with IS security policies.
Research focusing on organizational and personal information security practices has increased due to the relevance of behavioural aspects for information security. Examples include research on computer security behaviour, home safety conduct, access controls and perceptions of security, malicious behaviour, and computer misuse by companies. Some empirical studies to evaluate the efficiency of operational security procedures have been carried out; however, IT administrators or top management representatives are often the respondents in these studies rather than end-users (Willison & Warkentin, 2013). Because the respondents in prior research were in large part responsible for the establishment and execution of technological security initiatives, it is also debatable whether they would be typical of the business as a whole. For example, while an IT administrator may claim a written security policy exists, end-users are not always aware of it.
Current research has focused on security policies and end-user policy compliance. Ophoff et al. (2019) describe practical security management components, including IT security policies, while Ophoff et al. (2019) provides an organizational information security conceptual framework. Both of these studies discuss the role of human factors in the success of safety initiatives. In a similar spirit, Ophoff et al. (2019) maintain that security in information is a multi-faceted discipline with intertwined roles for safety and governance. A more empirical study is needed to identify essential concepts for preventing negative occurrences from a socio-organizational perspective to help manage the information system’s security, as pointed out.
In an empirical sense, Ophoff et al. (2019) has developed a theoretical model to examine the effect of dissuasive security measures on the assurance that sanctions are certain and severe, leading to intentions of IS abuse, while Ophoff et al. (2019) finds that dissuasive measures are a reduction in the computer abuse of organizations. Ophoff et al. (2019) discovered that the user does not perform many information securities actions and that other job activities predominate over information security in a qualitative user perspective study. One of the biggest challenges with user roles in information security work, according to Ophoff et al. (2019), is their lack of desire and competence in information security and related work. According to Post & Kagan’s (2007) study, end-users viewed safety precautions impeding their daily routine. Apart from auto efficiency, Chan et al. (2005) discovered that management practices and coworker socializing impact employees’ views of the International Information System Security Certification Consortium (ISC), positively impacting safety compliance behaviour. They also looked at the policy on safety compliance. The impact of organizational commitment on several security compartments, including compliance with security policies, has been investigated by Ophoff et al. (2019). According to Ophoff et al. (2019), employee attitudes, standards, and practices significantly impact employee intentions to comply with IS safety policy. Still, threat assessment and conducive conditions have a significant impact on moulding compliance attitudes. Despite the recent focus of some academics on this subject, the study of policy compliance remains at the beginning and offers many opportunities for empiric research. PMT also includes coping appraisal criteria dependent on the adaptive response (in this case, employees’ adherence to information security policies). 
Compliance with IS security policies should be an effective defense against IS security threats in our situation.
Table 2: Main constructs and related theories
same for these constructs they need to be discussed in separate sections above.
Security policy compliance
PMT and TPB
PMT and TPB
The perceived probability of security breach
PMT and TPB
Perceived severity of security breach
Security breach concern level
Note: General Deterrence Theory (GDT); Protection Motivation Theory (PMT); Theory of Planned Behaviour (TPB)
Response efficacy: Response efficacy is the conviction that the prescribed coping response will effectively lessen the threat. In this case, an employee’s impression of the success of the organization’s computer security policy could be the subject of this research. It is possible to analyze the effectiveness of a given action using perceived utility in DTPB.
A factor considered in the studies by Boss et al. (2015) on the information security behaviours of home users is perceived citizen efficacy, which refers to an individual’s belief that their actions can make a difference in the security of the Internet.
Response efficacy will have a beneficial impact on the behavioural intention of ISSP participants to comply. When people perceive a threat, they typically alter their behaviour in response to the level of risk they are exposed to and determine whether or not they are willing to accept the danger (Milne et al., 2000; Workman et al., 2008). As a result, an individual’s assessment of the seriousness of a situation is positively associated with their intentions to take preventative steps (Pechmann et al., 2003).
If individuals perceive a threat to their organization’s information technology assets, they are more likely to adhere to the ISSP’s principles and standards (Bulgurcu et al., 2010; Pahnila et al., 2007). If an individual does not see a threat in their environment when accessing corporate information technology resources, they may be less worried about adhering to the policies and procedures outlined in their ISSP. In their study, Herath and Rao found that employees’ perception of severity highly influences their intentions to adopt ISSP.
Attitudes: This refers to how a person feels about the conduct of interest, whether favourable or harmful. It is necessary to take into consideration the ramifications of engaging in the behaviour. According to Boss et al. (2015), individuals have more favourable security sentiments when they hold sound judgments of citizen efficacy. In addition, employees who believe their activities have a positive impact on their organization are more likely to have a positive attitude toward security regulations.
The attitude toward ISSP compliance will positively impact the behavioural intention to comply with ISSP requirements. As previously stated, self-efficacy is concerned with an individual’s belief in their ability and competence to execute a task or make a choice in a given situation (Bandura, 1977, 1991). It has been discovered that an individual’s sense of self-efficacy significantly impacts their ability to fulfill task behaviour, including information technology (Compeau and Higgins, 1995; Workman et al., 2008). Compeau and Higgins (1995) discovered that people who have higher levels of self-efficacy in using information systems are more likely than those who have lower levels of self-efficacy to use information systems in their professions.
Individuals with good information security capabilities and competence are more likely to realize the need to adhere to organizational information security policies and procedures, and they may be better positioned to perceive the consequences of non-compliance. In several studies, self-efficacy is associated with complying with ISSP requirements (Pahnila et al., 2007; Herath and Rao, 2009a; Workman et al., 2008; Bulgurcu et al., 2010; Workman et al., 2010).
Behavioural intention: It is more likely to occur when the decision to engage in a behaviour is more meaningful than less significant (Boss et al., 2015). A habit is a pattern of behaviour that is repeated over time. Because people have been accustomed to performing specific tasks, many can be carried out without conscious thinking. According to habit theory, repeated behaviour is frequently influenced by environmental cues rather than conscious decision-making.
It was determined that their ISSP behavioural compliance was not positively influenced by perceived severity in the threat assessment component. This is surprising because one would expect an individual’s perception of risks, vulnerability, security breaches, and assaults to impact compliance with an organization’s information security management system. This outcome could have been influenced by variables in the surrounding environment or from outside.
Another possibility is that this specific component has nothing to do with ISSP behavioural compliance in the first place. In the studies by Herath and Rao (2009a) and Bulgurcu et al. (2010), which investigated ISSP behavioural compliance by employees with TPB, PMT, and other theories, concern levels and attitude were modelled as mediators of the link between perceived severity and ISSP behavioural compliance.
In some cases, it’s possible that an alternative conception would lead to a different result from the one reached here. According to the data analysis, employees who are more likely to comply with their organization’s ISSP also acknowledge that organizational information technology resources are vulnerable to compromise and destruction.
Subjective and Social norms: In this context, “subjective and societal norms” allude to the assumption that most people favour or disapprove of a given behaviour. As a result of the person’s thoughts, peers and other key people believe that the person should engage in a specific course of action (Boss et al., 2015). There are conventional rules of behaviour that exist within a community or a culture. Social norms are accepted as typical or standard behaviour among a group of individuals.
Subjective norms are …