Ransomware Attack on Medstar: Ethical Position statement

  • Najam Ul Hassan
      University of Maryland University College, USA

    Abstract

    Medstar Health was the target of ransomware attack in 2016. The attack impacted the provision of healthcare services to the patient. Medstar opted not to pay the ransom and, instead, responded by shutting down its electronic medical record (EMR) systems and restoring the data from the backups. The paper analyzes the event, Medstar’s response and its negligent behavior that allowed the vulnerability to be exploited. The author provides an ethical position statement and recommendation to reduce the chances of any future attacks.

    Keywords:
    Ransomware Medstar Crisis Management

    Metrics

    Metrics Loading ...

    Author Biography

    Najam Ul Hassan, University of Maryland University College, USA

    The author has over two decades of IT experience and is a professional IT project management consultant at an international IT consulting firm and an adjunct associate professor of cybersecurity at a state university. He has masters in computer science, business administration, and international management and he is working on his Ph.D. in business analytics and decision sciences.

    References

    Abdollah, T. (2016, April 5). Hackers broke into hospitals despite software flaw warnings. The Associated Press. Retrieved from https://apnews.com/86401c5c2f7e43b79d7decb04a0022b4/hackers-broke-hospitals-despite-software-flaw-warnings

    Cox, J. W. (2016, March 29). MedStar Health Turns Away Patients After Likely Ransomware Cyberattack. The Washington Post. Retrieved from https://www.washingtonpost.com/local/medstar-health-turns-away-patients-one-day-after-cyberattack-on-its-computers/2016/03/29/252626ae-f5bc-11e5-a3ce-f06b5ba21f33_story.html?noredirect=on&utm_term=.b8eec6f84dc1

    Iovan, S., & Iovan, A. (2016). From Cyber Threats To Cyber-Crime. Journal of Information Systems & Operations Management, 425-434. Retrieved from https://search.proquest.com/docview/1861345731?accountid=44888

    LaPointe, J. (2016, April 7). MedStar Ransomware Attack Caused by Known Security Flaw. Health IT Security. Retrieved from https://healthitsecurity.com/news/medstar-ransomware-attack-caused-by-known-security-flaw

    McCarthy, J. (2016, April 4). MedStar Attack Found to be Ransomware, Hackers Demand Bitcoin. Health IT News. Retrieved from http://www.healthcareitnews.com/news/medstar-attack-found-be-ransomware-hackers-demand-bitcoin

    MedStar Health. (n.d.). Retrieved from https://www.medstarhealth.org/

    Neal, P., & Ilsever, J. (2016). Protecting Information: Active Cyber Defence For The Business Entity: A Prerequisite Corporate Policy. Academy of Strategic Management Journal, 15(2), 15-35. Retrieved from https://search.proquest.com/docview/1826881224?accountid=44888

    Reed, T. (2016, July 6). MedStar Official on Cyberattack: 'We Chose by Design not to Pay the Ransomware'. Washington Business Journal. Retrieved from https://www.bizjournals.com/washington/news/2016/07/06/medstar-official-on-ransomware-attack-we-chose-by.html

    Richardson, R., & North, M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10-21,101. Retrieved from https://search.proquest.com/docview/1881414570?accountid=44888

    Sabillon, R., Cano, J., Cavaller, V., & Serra, J. (2016). Cybercrime and cybercriminals: A comprehensive study. International Journal of Computer Networks and Communications Security, 4(6), 165-176. Retrieved from https://search.proquest.com/docview/1874038161?accountid=44888

    Article History
    Received: 2018-09-26
    Published: 2018-09-26
    How to Cite
    Hassan, N. U. (2018). Ransomware Attack on Medstar: Ethical Position statement. SEISENSE Journal of Management, 1(4), 29-31. https://doi.org/10.5281/zenodo.1435408