Safeguarding the Healthcare Sector from Ransomware Attacks: Insights from a Literature Review

Cybersecurity integrates a broad spectrum of concerns, addressing numerous cyber threats and malicious factors that pose significant risks to the system’s integrity and functionality. Among these threats, ransomware presents a significant challenge. Often executed through phishing emails, ransomware attacks result in compromised data encrypting, with attackers demanding considerable ransoms for decryption. While these attacks target various sectors, including business, academia, and banking, the healthcare industry is particularly vulnerable due to its possession of sensitive data, the disclosure of which could lead to severe repercussions. This article provides a thorough literature review (LR) of ransomware attacks in the healthcare setup, encompassing studies from 2016 to 2024 and including an analysis of 60 articles. It addresses several critical research questions related to the topic. It also investigates the variants of ransomware targeting the healthcare sector, their propagation methods, and data encryption techniques. This article also examines the impacts of ransomware attacks on healthcare organizations, concentrating on financial losses, patient care disruptions, and data breach issues. Moreover, it examines various strategies and best practices that healthcare organizations have adopted to prevent, detect, and respond to ransomware attacks. This study analyzes ransomware attacks’ legal and regulatory implications, focusing on patient data protection and compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other relevant regulations. It also evaluates the effectiveness of existing cybersecurity frameworks and guidelines, like the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Health Information Trust Alliance Common Security Framework (HITRUST CSF), in aiding healthcare organizations to guard against ransomware attacks. Lastly, this article develops a taxonomy to explain the novelty and contributions of this research within the context of ransomware attacks in the healthcare sector.