Malware Attacks

The information and communication technology (ICT) is showing a significant growth to the healthcare sector as organizations strive to find ways that would help safeguard patient safety. In recent years, healthcare organizations have experienced threats to health information security. Every year, cyber criminals breach data exposing millions of patients’ records and use them for illegal activities (Sametinger, Rozenblit, Lysecky & Ott, 2015). Therefore, health care providers are now more concerned about patient health, privacy, and safety when they store their health information in electronic form. A data breach in a hospital not only affects the reputation and financial status of the company but it could result in an adverse effect on patients due to the type of data disclosed (Sametinger, Rozenblit, Lysecky & Ott, 2015). My goal as the information technology manager is to ensure that we guard patients’ records against any malware attacks. The need to identify security threats by the information technology manager is mandatory. Therefore, some of the types of malware that might affect the healthcare information system include the following.

First, cybercriminals might use ransomware malware to attack the healthcare information system. Ransomware refers to the form of malware that restricts the user to access files on his or her computer until he or she pays the hacker a monetary reward. Ransomware is now regarded as the primary threat to organizations, and over the last few years, it has emerged to be a useful tool used by cybercriminals. The common means of infections from ransomware include website pop-up adverts and phishing of emails that contain malicious attachments (Newmeyer, 2015). Precisely, the lockscreen ransomware works by displaying an image that prevents the owner to access his or her computer. Similarly, the encryption ransomware works by encrypting files on your computer’s hard drive, cloud storage drives, USB drives and shared network drives thus preventing you from accessing them. In a situation of an attack from ransomware, the healthcare providers will get a notification stating that their data have been locked and they will only regain access to the files if they pay the said amount of money. On the same note, the malware might display a different message such as authorities have detected illegal activities on your computer and the owner must pay a fine to avoid prosecution.

Second, the health information system might be affected by the spyware attack. Spyware is a type of malware that is used by third parties to collect the user’s personal information without their knowledge. Spyware often appears on the user’s computer in the form of a free download. Such software is difficult to notice since they are installed automatically without the consent of the user (Sametinger, Rozenblit, Lysecky & Ott, 2015). Some of the spying capabilities include data harvesting, activity monitoring, and collection of keystrokes. During data harvesting, this malware affects patients’ data by exploiting software vulnerabilities (Sametinger, Rozenblit, Lysecky & Ott, 2015). In addition, the spyware will send downloads, username, password, computer settings and surfing habits to third parties who will then change the way the computer operates thus affecting healthcare operations.

Third, it is possible for a virus to affect the health information system in situations of inadequate security measures. A virus refers to a malicious computer program that can copy itself and spread to other computers (Newmeyer, 2015). Therefore, computer viruses offer a threat to patients’ records if they happen to attack computers in a healthcare facility. Viruses are often sent downloads or email attachments with the aim to damage the user’s computer and those found in their contact list. When the user visits the link or site provided, it is when the automatic download of the virus starts. Cyber criminals use viruses to steal money, harm host networks and gain access to information by scripting files and web apps (Newmeyer, 2015). For instance, they provide criminals with patients’ data hence exposing the health, privacy, and safety of patients. Similarly, they can disable the security settings of the healthcare facility, and this will adversely affect patients. The figure below represents a PHI breach report.


(Munro, 2014)

In conclusion, malicious actors are targeting healthcare organizations due to their inadequate security to major medical systems. With a capacity to hold 1000 inpatients, my hospital might be on the verge of attacks from ransomware, computer virus, and spyware if we do not revise our security measure. This report provides information that would help healthcare professionals to develop awareness and understanding of malware attacks associated with patients’ records. Moreover, the law enforcement agencies such as the FBI have warned healthcare industries to expect increased cyber-attacks in the future. Lastly, security analysts and the management can use this report and intelligence from the FBI to manage the hospital information systems.



Munro, D. (August 18, 2014). Cyber-attacks net 4.5 million records from large hospital system. Forbes. Retrieved from

Newmeyer, K. P. (2015). Elements of National Cybersecurity Strategy for Developing Nations. National Cybersecurity Institute Journal, 1(3), 1-68.

Sametinger, J., Rozenblit, J., Lysecky, R., & Ott, P. (2015). Security challenges for medical devices. Communications of the ACM, 58(4), 74-82.


Do you need an Original High Quality Academic Custom Essay?