Open Access
Table 1
Common types of malware, their effects, and examples.
| Category | Effect | Recent Example Healthcare Victims |
|---|---|---|
| Ransomware | Denial of a system or database, generally through encryption, until a ransom is paid for access restoration. | Ascension (2024) [18] |
| Change Healthcare (2024) [18] | ||
| National Healthcare Network of Ireland (2021) [13] | ||
| Regal Medical Group (2023) [18] | ||
| Community Health Systems (2023) [18] | ||
| WannaCry (2017) | ||
| Hollywood Presbyterian Medical Center (2016) [6, 11] | ||
| Lurie Children’s Hospital (2024) [19] | ||
| Change Healthcare 2024 [24] | ||
| Destructive extortion | Similar to a ransomware attack, save that once the target system is encrypted, data is deleted or the system is destroyed on purpose. | Hancock Regional Hospital (2018) [3] |
| Denial of Service (DoS) or Distributed Denial of Service (DDoS) [25] | Digital services are overwhelmed by excessive network traffic, thereby limiting the amount of legitimate electronic requests that get through to the intended recipient. Attack can originate from a single or multiple (distributed) sources. | Boston Children’s Hospital (2014) [26] |
| Man-in-the-Middle (MITM) [9] | Information passes through an additional process that reads or copies the information to a third party. Data integrity can easily be compromised in this situation. | St Jude Merlin@Home pacemakers [27] |
| Abuse of known software vulnerabilities | Use of known and unpatched vulnerabilities in software to gain access to a system. | Epiphany Cardio Server SQL injection (2015) [28] |
| Medical Informatics Engineering SQL injection (2015) [18] | ||
| South-Eastern Norway Regional Health Authority (2017) (Legacy Windows XP) [3] | ||
| Red Cross (2022) [23] | ||
| Privilege escalation/abuse of privilege [9] | Attacks that have a goal of gaining higher levels of access or privilege so that malware has a broader impact when deployed. It can spread “horizontally” through same-level access points, or “vertically” to more privileged accounts. | Hancock Regional Hospital (2018) [3] |
| Third-party breach | When a third-party service fails to properly maintain data security. Often, from addition of Google/Facebook or other advertiser tracking algorithms are applied. | Advocate Aurora Health (2022) [18] |
| Boston Children’s Health Physicians (2024) [20] |
Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.
Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.
Initial download of the metrics may take a while.