Ransomware Attack on Medstar: Ethical Position statement
Article Sidebar
Main Article Content
Abstract
Medstar Health was the target of ransomware attack in 2016. The attack impacted the provision of healthcare services to the patient. Medstar opted not to pay the ransom and, instead, responded by shutting down its electronic medical record (EMR) systems and restoring the data from the backups. The paper analyzes the event, Medstar’s response and its negligent behavior that allowed the vulnerability to be exploited. The author provides an ethical position statement and recommendation to reduce the chances of any future attacks.
Downloads
Article Details
Copyright (c) 2018 Najam Ul Hassan
This work is licensed under a Creative Commons Attribution 4.0 International License.
Najam Ul Hassan, University of Maryland University College, USA
The author has over two decades of IT experience and is a professional IT project management consultant at an international IT consulting firm and an adjunct associate professor of cybersecurity at a state university. He has masters in computer science, business administration, and international management and he is working on his Ph.D. in business analytics and decision sciences.
Abdollah, T. (2016, April 5). Hackers broke into hospitals despite software flaw warnings. The Associated Press. Retrieved from https://apnews.com/86401c5c2f7e43b79d7decb04a0022b4/hackers-broke-hospitals-despite-software-flaw-warnings
Cox, J. W. (2016, March 29). MedStar Health Turns Away Patients After Likely Ransomware Cyberattack. The Washington Post. Retrieved from https://www.washingtonpost.com/local/medstar-health-turns-away-patients-one-day-after-cyberattack-on-its-computers/2016/03/29/252626ae-f5bc-11e5-a3ce-f06b5ba21f33_story.html?noredirect=on&utm_term=.b8eec6f84dc1
Iovan, S., & Iovan, A. (2016). From Cyber Threats To Cyber-Crime. Journal of Information Systems & Operations Management, 425-434. Retrieved from https://search.proquest.com/docview/1861345731?accountid=44888
LaPointe, J. (2016, April 7). MedStar Ransomware Attack Caused by Known Security Flaw. Health IT Security. Retrieved from https://healthitsecurity.com/news/medstar-ransomware-attack-caused-by-known-security-flaw
McCarthy, J. (2016, April 4). MedStar Attack Found to be Ransomware, Hackers Demand Bitcoin. Health IT News. Retrieved from http://www.healthcareitnews.com/news/medstar-attack-found-be-ransomware-hackers-demand-bitcoin
MedStar Health. (n.d.). Retrieved from https://www.medstarhealth.org/
Neal, P., & Ilsever, J. (2016). Protecting Information: Active Cyber Defence For The Business Entity: A Prerequisite Corporate Policy. Academy of Strategic Management Journal, 15(2), 15-35. Retrieved from https://search.proquest.com/docview/1826881224?accountid=44888
Reed, T. (2016, July 6). MedStar Official on Cyberattack: 'We Chose by Design not to Pay the Ransomware'. Washington Business Journal. Retrieved from https://www.bizjournals.com/washington/news/2016/07/06/medstar-official-on-ransomware-attack-we-chose-by.html
Richardson, R., & North, M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10-21,101. Retrieved from https://search.proquest.com/docview/1881414570?accountid=44888
Sabillon, R., Cano, J., Cavaller, V., & Serra, J. (2016). Cybercrime and cybercriminals: A comprehensive study. International Journal of Computer Networks and Communications Security, 4(6), 165-176. Retrieved from https://search.proquest.com/docview/1874038161?accountid=44888