Appl Clin Inform 2016; 07(02): 624-632
DOI: 10.4338/ACI-2016-04-SOA-0064
State of the Art / Best Practice Paper
Schattauer GmbH

A Socio-technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks

Dean F. Sittig
1   University of Texas Health Science Center at Houston, School of Biomedical Informatics and UT-Memorial Hermann Center for Health Care Quality and Safety, Houston, Texas
Hardeep Singh
2   Houston Veterans Affairs Center for Innovations in Quality, Effectiveness and Safety, Michael E. DeBakey Veterans Affairs Medical Center, Houston, Texas
3   Section of Health Services Research, Department of Medicine, Baylor College of Medicine, Houston, Texas
Dr. Singh’s research is supported by the VA Health Services Research and Development Service (CRE 12–033; Presidential Early Career Award for Scientists and Engineers USA 14–274), the VA National Center for Patient Safety, the Agency for Health Care Research and Quality (R01HS022087 and R21 HS 023602) and in part by the Houston VA HSR&D Center for Innovations in Quality, Effectiveness and Safety (CIN 13–413).

Publication History: received 25 April 2016; accepted 13 June 2016; published online 16 December 2017.


Recently there have been several high-profile ransomware attacks on hospitals around the world. Ransomware is malicious software that encrypts or otherwise disables a user's data or computer and demands payment to restore access. Once an attack has succeeded, the affected users have three options: 1) restore their data from backup; 2) pay the ransom; or 3) lose their data. In this manuscript, we describe a socio-technical approach to ransomware and outline four overarching steps that organizations can undertake to secure an electronic health record (EHR) system and its underlying computing infrastructure. First, health IT professionals must ensure adequate system protection by correctly installing and configuring computers and the networks that connect them. Next, health care organizations must strengthen system defense through user-focused strategies, including simulation and training on the correct and complete use of computers and network applications. Concomitantly, the organization must monitor computer and application use continuously to detect suspicious activity and to identify and address security problems before they cause harm. Finally, organizations must respond adequately to and recover quickly from ransomware attacks, and take action to prevent their recurrence. We also elaborate on recommendations from other authoritative sources, including the National Institute of Standards and Technology (NIST). As with other complex socio-technical health IT challenges, responsibility for preventing, mitigating, and recovering from these attacks is shared between health IT professionals and end-users.
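The continuous-monitoring step above is the one that buys time: an encrypting process is noisy on the file system long before a ransom note appears. The following is an added example, not code from Sittig and Singh or from any product they discuss. It assumes a tab-separated file-activity audit log (timestamp, host, user, process, action, path, optional new path), which is a constructed format, and flags two patterns: a burst of renames that change a file's extension from one process within a sliding window, and creation of a file whose name looks like a ransom note. The thresholds and note markers are illustrative and would be tuned against an organization's own baseline.

```python
"""Ransomware-like activity detector over host file-activity audit logs.

Added example for this page (not the authors' code). Log format, thresholds
and ransom-note markers are assumptions for illustration.
"""
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Detection parameters (illustrative; tune against normal workload).
RENAME_THRESHOLD = 20                 # extension-changing renames ...
WINDOW = timedelta(seconds=60)        # ... within this window from one process
NOTE_MARKERS = ("DECRYPT", "RANSOM")  # substrings typical of ransom-note file names

# Constructed sample log (tab-separated):
#   timestamp  host  user  process  action  path  [new_path]
# A normal document save, a burst of 25 renames to a ".locked" extension,
# a ransom-note drop, and an innocuous rename on another workstation.
SAMPLE_LOG = "\n".join(
    ["2016-04-01T09:00:00\tws-12\tjdoe\twinword.exe\tWRITE\t/home/jdoe/docs/note.docx"]
    + [
        f"2016-04-01T09:00:{s:02d}\tws-12\tjdoe\tsvchost32.exe\tRENAME"
        f"\t/home/jdoe/docs/f{s}.docx\t/home/jdoe/docs/f{s}.docx.locked"
        for s in range(1, 26)
    ]
    + [
        "2016-04-01T09:00:26\tws-12\tjdoe\tsvchost32.exe\tCREATE\t/home/jdoe/docs/HOW_TO_DECRYPT.txt",
        "2016-04-01T09:05:00\tws-07\tasmith\texplorer.exe\tRENAME\t/home/asmith/draft.txt\t/home/asmith/final.txt",
    ]
)


def parse_line(line):
    """Parse one audit record into a dict, or return None for malformed lines."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 6:
        return None
    return {
        "ts": datetime.fromisoformat(fields[0]),
        "host": fields[1],
        "user": fields[2],
        "process": fields[3],
        "action": fields[4],
        "path": fields[5],
        "new_path": fields[6] if len(fields) > 6 else None,
    }


def extension_changed(old_path, new_path):
    """True when a rename alters the file extension (e.g. .docx -> .locked)."""
    return os.path.splitext(old_path)[1].lower() != os.path.splitext(new_path)[1].lower()


def detect(log_text):
    """Return a list of alert dicts found in the audit log text."""
    alerts = []
    windows = defaultdict(deque)  # (host, process) -> timestamps of suspicious renames
    already_alerted = set()       # one burst alert per (host, process)

    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["host"], ev["process"])

        if ev["action"] == "RENAME" and ev["new_path"] and extension_changed(ev["path"], ev["new_path"]):
            q = windows[key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > WINDOW:   # drop events outside the window
                q.popleft()
            if len(q) >= RENAME_THRESHOLD and key not in already_alerted:
                already_alerted.add(key)
                alerts.append({
                    "rule": "rename_burst", "host": ev["host"], "process": ev["process"],
                    "user": ev["user"], "count": len(q), "first": q[0], "last": ev["ts"],
                })

        elif ev["action"] in ("CREATE", "WRITE"):
            name = os.path.basename(ev["path"]).upper()
            if any(marker in name for marker in NOTE_MARKERS):
                alerts.append({
                    "rule": "ransom_note", "host": ev["host"], "process": ev["process"],
                    "user": ev["user"], "path": ev["path"], "ts": ev["ts"],
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The burst rule fires on the twentieth extension-changing rename from svchost32.exe on ws-12, six seconds before the ransom note is written; the benign rename on ws-07 keeps its extension and is ignored. In practice the alert would feed an automated response (isolate the host, disable the account) rather than a console, since the remaining files are encrypted in the seconds a human takes to read it.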

Citation: Sittig DF, Singh H. A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks. Appl Clin Inform 2016; 7(2): 624-632.