Skip to main content

Research Repository

Advanced Search

Healthcare Security Incident Response Strategy - A Proactive Incident Response (IR) Procedure

He, Ying; Maglaras, Leandros; Aliyu, Aliyu; Luo, Cunjin


Ying He

Aliyu Aliyu

Cunjin Luo


The healthcare information system (HIS) has become a victim of cyberattacks. Traditional ways to handle cyber incidents in healthcare organizations follow a predefined incident response (IR) procedure. However, this procedure is usually reactive, missing the opportunities to foresee danger on the horizon. Cyber threat intelligence (CTI) contains information on emerging attacks and should be ideally utilized to inform the IR procedure. However, current research shows that the IR has not been effectively informed by CTI, especially in healthcare organizations. This paper fills in this gap by proposing a proactive IR response procedure based on the National Institute of Standards and Technology (NIST) IR methodology. This paper then presents the NHS WannaCry case study to demonstrate the use of the proposed IR methodology. We collate cyber security advisories from different CTI sources such as US/UK CERT to protect interconnected systems and devices from Ransomware attacks. This research provides novel insights into the IR in healthcare through embedding CTI advisories into IR processes and concludes that our proposed IR procedure can be used to counteract WannaCry Ransomware using CTI advisories. It has the significance of transforming the way of IR from reactive to proactive using the CTI in healthcare.

Journal Article Type Article
Acceptance Date Jan 18, 2022
Online Publication Date Feb 23, 2022
Publication Date Feb 23, 2022
Deposit Date Dec 5, 2022
Publicly Available Date Dec 5, 2022
Journal Security and Communication Networks
Print ISSN 1939-0114
Electronic ISSN 1939-0122
Publisher Wiley
Peer Reviewed Peer Reviewed
Volume 2022
Article Number 2775249
Public URL


You might also like

Downloadable Citations