http://dx.doi.org/10.13089/JKIISC.2018.28.1.155

How to Cope with Ransomware in the Healthcare Industry  

Jeon, In-seok (Graduate School of Information Security, Korea University)
Kim, Dong-won (PRIME College of Interdisciplinary & Creative Studies, Konyang University)
Han, Keun-hee (Konkuk University)
Abstract
As the healthcare industry grows rapidly, various new healthcare services are being carefully considered. Health information is considered more important than financial information, so protecting it has become a very significant task. Ransomware now targets industry groups that hold high-value information, and it has grown in various ways since entering maturity in 2017. The healthcare industry is highly vulnerable to ransomware because most healthcare organizations are configured as closed networks that lack malware protection. Merely meeting the security criteria is not the solution: in the case of a successful attack, a restoration process must be prepared to minimize damage as soon as possible. Ransomware is growing so rapidly and becoming so complex that protection must improve much faster. Based on the ISO 27799 and 27002 standards, we extract and present security measures against advanced ransomware to maintain and manage healthcare systems more effectively.
Keywords
healthcare industry; ransomware; malware; telemedicine; medical services;