UNSTRUCTURED
Ransomware attacks, such as Conti, Ryuk, Petya, and Sodinokibi, that target medical institutions are increasing rapidly. In 2020, in the United States., ransomware attacks affected over 600 separate clinics, hospitals, and organizations, and more than 18 million patient records. The cost of these attacks is estimated to be almost $21 billion USD [1]. The first death related to ransomware attacks was reported by the University Hospital of Düsseldorf in Germany in 2020. The aim of this literature is to study vulnerabilities of cybersecurity in medical institutions, characteristics of ransomware aimed at medical institutions, and technical measures to prevent ransomware. From a security point of view, one of the most important targets of hackers against hospitals is medical devices. Many medical devices in hospitals are equipped with outdated software that is vulnerable to security and have many restrictions on security patches/updates. In addition, it is not easy to install even security functions such as antivirus due to the specificity of medical devices where availability is most important. As introduced in the Medjack report issued by TrapX Labs, in many cases, attackers target medical devices that are relatively insecure and then penetrate deep into more critical network infrastructure, such as EMR servers [2]. In this literature, we discuss various considerations to respond to ransomware while ensuring the availability of medical devices, and present AI-MDIPS (AI-based medical device intrusion prevention system) technology, a non-invasive and manageable security technology applicable to medical devices developed by the Korean government