TITLE:
Ransomware Attacks: Evidence of Network Security Vulnerability in Work-from-Home Setups during the COVID-19 Pandemic Lockdown
AUTHORS:
Mohammed Mohammed Raoof, Rafeeq Al-Hashemi
KEYWORDS:
Internet of Things (IoT), Artificial Intelligence (AI), SP 800-66, COVID-19 Pandemic Data Breaches, Work-From-Home, Long-Term Acute Care Hospitals (LTACHs), Skilled Nursing Facilities (SNFs), Acute Care Hospitals, Rehabilitation Hospitals, Hospice Care Centers
JOURNAL NAME:
Journal of Information Security,
Vol.16 No.3,
July
29,
2025
ABSTRACT: Ransomware attacks are common in the United States (US) healthcare industry, causing data breaches. They can also cause many harmful effects, including reputation loss, operational downtime, legal liabilities, financial loss, the possibility of losing the business, and even risks to the lives of patients who use Internet of Things (IoT) medical devices. In addition, ransomware attacks are risky for patients’ lives who utilize medical computer systems in inpatient facilities, such as Long-Term Acute Care Hospitals (LTACHs) and Skilled Nursing Facilities (SNFs). However, this study uses the phenomenological research method to analyze the ransomware attacks on US healthcare practitioners represented by US healthcare entities (A Healthcare Provider, A Health Plan, and A Healthcare Clearinghouse). The authors retrieved the US healthcare breaches from 2014 to 2024, listed in the US Department of Health and Human Services, Office for Civil Rights report. Moreover, the authors employed data limitations to enforce the validity of the study. The findings show that ransomware attacks occurred during the COVID-19 pandemic lockdown period, particularly during the common practice of work-from-home. This study concluded that network security is a severe breaching factor for work-from-home practice in healthcare settings and suggested the need to enforce the implementation of robust cybersecurity measures, such as the NIST SP 800-66 R2 security standard for remote working, and increase the security awareness of work-from-home worker based on Artificial Intelligence (AI) to help mitigate the potential risk of ransomware attacks.