{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,15]],"date-time":"2026-06-15T02:30:30Z","timestamp":1781490630652,"version":"3.54.1"},"reference-count":32,"publisher":"Georg Thieme Verlag KG","issue":"02","funder":[{"DOI":"10.13039\/100007217","name":"VA Health Services Research and Development Service","doi-asserted-by":"crossref","award":["12\u2013033"],"award-info":[{"award-number":["12\u2013033"]}],"id":[{"id":"10.13039\/100007217","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Presidential Early Career","award":["14\u2013274"],"award-info":[{"award-number":["14\u2013274"]}]},{"name":"VA National Center"},{"DOI":"10.13039\/100000133","name":"Agency for Health Care Research and Quality","doi-asserted-by":"crossref","award":["R01HS022087 and R21 HS 023602"],"award-info":[{"award-number":["R01HS022087 and R21 HS 023602"]}],"id":[{"id":"10.13039\/100000133","id-type":"DOI","asserted-by":"crossref"}]},{"name":"HSR&D Center","award":["13\u2013413"],"award-info":[{"award-number":["13\u2013413"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Appl Clin Inform"],"published-print":{"date-parts":[[2016,4]]},"abstract":"<jats:title>Summary<\/jats:title><jats:p>Recently there have been several high-profile ransomware attacks involving hospitals around the world. Ransomware is intended to damage or disable a user\u2019s computer unless the user makes a payment. Once the attack has been launched, users have three options: 1) try to restore their data from backup; 2) pay the ransom; or 3) lose their data. In this manuscript, we discuss a socio-technical approach to address ransomware and outline four overarching steps that organizations can undertake to secure an electronic health record (EHR) system and the underlying computing infrastructure. First, health IT professionals need to ensure adequate system protection by correctly installing and configuring computers and networks that connect them. Next, the health care organizations need to ensure more reliable system defense by implementing user-focused strategies, including simulation and training on correct and complete use of computers and network applications. Concomitantly, the organization needs to monitor computer and application use continuously in an effort to detect suspicious activities and identify and address security problems before they cause harm. Finally, organizations need to respond adequately to and recover quickly from ransomware attacks and take actions to prevent them in future. We also elaborate on recommendations from other authoritative sources, including the National Institute of Standards and Technology (NIST). Similar to approaches to address other complex socio-technical health IT challenges, the responsibility of preventing, mitigating, and recovering from these attacks is shared between health IT professionals and end-users.<\/jats:p><jats:p>\n          Citation: Sittig DF, Singh H. A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks.<\/jats:p>","DOI":"10.4338\/aci-2016-04-soa-0064","type":"journal-article","created":{"date-parts":[[2016,6,29]],"date-time":"2016-06-29T07:43:11Z","timestamp":1467186191000},"page":"624-632","source":"Crossref","is-referenced-by-count":90,"title":["A Socio-technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks"],"prefix":"10.4338","volume":"07","author":[{"given":"Hardeep","family":"Singh","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dean","family":"Sittig","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"194","published-online":{"date-parts":[[2017,12,16]]},"reference":[{"key":"10.4338\/ACI-2016-04-SOA-0064-1","unstructured":"Kandel J and Kovacik R. Hollywood Hospital \u2018Victim of Cyber Attack\u2019. NBC4 News. February 12, 2016. Available at: http:\/\/www.nbclosangeles.com\/news\/local\/Hollywood-Hospital-Victim-of-Cyber-Attack-368574071.html"},{"key":"10.4338\/ACI-2016-04-SOA-0064-2","unstructured":"Steffen S. Hackers hold German hospital data hostage. Made for Minds. 25 February 2016. Available at: http:\/\/dw.com\/p\/1I2Xu"},{"key":"10.4338\/ACI-2016-04-SOA-0064-3","unstructured":"Olenick D. The Ottawa Hospital fends off ransomware attack. SC Magazine. 14 March 2016. Available at: http:\/\/www.scmagazine.com\/the-ottawa-hospital-fends-off-ransomware-attack\/article\/482921\/"},{"key":"10.4338\/ACI-2016-04-SOA-0064-4","unstructured":"Krebs B. Hospital Declares \u2018Internal State of Emergency\u2019 After Ransomware Infection. Krebsonsecurity.com. March 16, 2016. Available at: http:\/\/krebsonsecurity.com\/2016\/03\/hospital-declares-internet-state-of-emergency-after-ransomware-infection\/"},{"key":"10.4338\/ACI-2016-04-SOA-0064-5","unstructured":"Simms B. FBI investigating computer virus at MedStar Health. WBALTV11.com March 29, 2016. Available at: http:\/\/www.wbaltv.com\/news\/fbi-investigating-computer-virus-at-medstar-health\/38731548"},{"key":"10.4338\/ACI-2016-04-SOA-0064-6","unstructured":"Gallagher S. Two more healthcare networks caught up in outbreak of hospital ransomware. Ars Technica. March 29, 2016. Available at: http:\/\/arstechnica.com\/security\/2016\/03\/two-more-healthcare-networks-caught-up-in-outbreak-of-hospital-ransomware\/"},{"key":"10.4338\/ACI-2016-04-SOA-0064-7","unstructured":"Sullivan T. More than half of hospitals hit with ransomware in last 12 months. Health IT News. April 07, 2016. Available at: http:\/\/www.healthcareitnews.com\/news\/more-half-hospitals-hit-ransomware-last-12-months"},{"key":"10.4338\/ACI-2016-04-SOA-0064-8","doi-asserted-by":"publisher","DOI":"10.1136\/amiajnl-2014-002988"},{"key":"10.4338\/ACI-2016-04-SOA-0064-9","unstructured":"Fischer T. Private and Public Key Cryptography and Ransomware. Center for Internet Security (CIS). December 2014. Available at: https:\/\/msisac.cisecurity.org\/whitepaper\/documents\/10.pdf"},{"key":"10.4338\/ACI-2016-04-SOA-0064-10","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-008-0092-2"},{"key":"10.4338\/ACI-2016-04-SOA-0064-11","unstructured":"Mun J. Trojan.Gpcoder. Symantec. May 22, 2005. Available at: https:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2005-052215-5723-99"},{"key":"10.4338\/ACI-2016-04-SOA-0064-12","unstructured":"Giri BN, Jyoti N. The Emergence of Ransomware. 9th Annual Association of anti-Virus Asia Researchers (AVAR) International Conference - Digital Security: Prevention to Prosecution. Auckland, NZ. 2006. Available at: http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.169.5881&amp;rep=rep1&amp;type=pdf"},{"key":"10.4338\/ACI-2016-04-SOA-0064-13","unstructured":"Largent W. Ransomware: Past, Present, and Future. April 11, 2016. Available at: http:\/\/blog.talosintel.com\/2016\/04\/ransomware.html"},{"key":"10.4338\/ACI-2016-04-SOA-0064-14","unstructured":"United States Computer Emergency Readiness Team. Alert (TA16-091A): Ransomware and Recent Variants. Original release date: March 31, 2016. Available at: https:\/\/www.us-cert.gov\/ncas\/alerts\/TA16-091A"},{"key":"10.4338\/ACI-2016-04-SOA-0064-15","unstructured":"National Institute of Standards and Technology. Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 February 12, 2014. Available at: http:\/\/www.nist.gov\/cyberframework\/upload\/cybersecurity-framework-021214.pdf"},{"key":"10.4338\/ACI-2016-04-SOA-0064-16","doi-asserted-by":"publisher","DOI":"10.1056\/NEJMsb1205420"},{"key":"10.4338\/ACI-2016-04-SOA-0064-17","doi-asserted-by":"publisher","DOI":"10.1136\/bmjqs-2015-004486"},{"key":"10.4338\/ACI-2016-04-SOA-0064-18","unstructured":"Gallagher S. Maryland hospital: Ransomware success wasn\u2019t IT department\u2019s fault: MedStar denies ransom payment, denies earlier JBoss bugs played role. Ars Technica. Apr 7, 2016. Available at: http:\/\/arstechnica.com\/security\/2016\/04\/maryland-hospital-group-denies-ignored-warnings-allowed-ransomware-attack\/"},{"key":"10.4338\/ACI-2016-04-SOA-0064-19","unstructured":"Gallagher S. Maryland hospital group hit by ransomware launched from within [Updated] Samsam malware injected into network from exploited web app server at MedStar. Ars Technica. March 31, 2016. Available at: http:\/\/arstechnica.com\/security\/2016\/03\/maryland-hospital-group-hit-by-ransomware\/"},{"key":"10.4338\/ACI-2016-04-SOA-0064-20","unstructured":"DHHS Office for Civil Rights. HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework. Available at: http:\/\/www.hhs.gov\/sites\/default\/files\/NIST%20CSF%20to%20HIPAA%20Security%20Rule%20Crosswalk%2002-22-2016%20Final.pdf"},{"key":"10.4338\/ACI-2016-04-SOA-0064-21","doi-asserted-by":"publisher","DOI":"10.7326\/0003-4819-146-4-200702200-00020"},{"key":"10.4338\/ACI-2016-04-SOA-0064-22","unstructured":"Hoffman C. How To Spot A Dangerous Email Attachment. 20 Jan 2014. Available at: http:\/\/www.makeuseof.com\/tag\/spot-dangerous-email-attachment\/)"},{"key":"10.4338\/ACI-2016-04-SOA-0064-23","unstructured":"DNS-BH - Malware Domain Blocklist. Available at: http:\/\/www.malwaredomains.com\/"},{"key":"10.4338\/ACI-2016-04-SOA-0064-24","unstructured":"Protection of Information Assets: CISA Tutorial. Available at: http:\/\/www.simplilearn.com\/protection-of-information-assets-cisa-tutorial-video"},{"key":"10.4338\/ACI-2016-04-SOA-0064-25","unstructured":"Scarfone K, Souppaya M, Cody A, Orebaugh A. Technical Guide to Information Security Testing and Assessment: Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-115. September 2008. Available at: http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-115\/SP800-115.pdf"},{"key":"10.4338\/ACI-2016-04-SOA-0064-26","unstructured":"Youngstrom N. Hospital Uses Fake Phishing Emails in Security Training; Will Move to Gamification. Report on Medicare Compliance. 25: 17; May 9, 2016"},{"key":"10.4338\/ACI-2016-04-SOA-0064-27","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2015.04.013"},{"key":"10.4338\/ACI-2016-04-SOA-0064-28","doi-asserted-by":"crossref","unstructured":"Bilge L, Dumitras T. Before we knew it: an empirical study of zero-day attacks in the real world. In Proceedings of the 2012 ACM conference on Computer and communications security. 2012 Oct 16 (pp. 833-844)","DOI":"10.1145\/2382196.2382284"},{"key":"10.4338\/ACI-2016-04-SOA-0064-29","doi-asserted-by":"publisher","DOI":"10.1097\/PTS.0b013e31823d8df0"},{"key":"10.4338\/ACI-2016-04-SOA-0064-30","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijmedinf.2014.07.007"},{"key":"10.4338\/ACI-2016-04-SOA-0064-31","unstructured":"Siwicki B. Tips for protecting hospitals from ransomware as cyberattacks surge. HealthIT News. April 6, 2016. Available at: http:\/\/www.healthcareitnews.com\/news\/tips-protecting-hospitals-ransomware-cyber-attacks-surge"},{"key":"10.4338\/ACI-2016-04-SOA-0064-32","doi-asserted-by":"publisher","DOI":"10.1136\/qshc.2010.042085"}],"container-title":["Applied Clinical Informatics"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.thieme-connect.de\/products\/ejournals\/pdf\/10.4338\/ACI-2016-04-SOA-0064.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,5,17]],"date-time":"2020-05-17T00:23:55Z","timestamp":1589675035000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.thieme-connect.de\/DOI\/DOI?10.4338\/ACI-2016-04-SOA-0064"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,4]]},"references-count":32,"journal-issue":{"issue":"02","published-online":{"date-parts":[[2017,12,16]]},"published-print":{"date-parts":[[2016]]}},"URL":"https:\/\/doi.org\/10.4338\/aci-2016-04-soa-0064","relation":{},"ISSN":["1869-0327"],"issn-type":[{"value":"1869-0327","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,4]]}}}