Mitigating Ransomware Threats in Cloud-Based Healthcare: A Risk-Based Approach to Patient Data Security and Continuity

With advancement in technology, the level of reliance on cloud-based healthcare system has increased. The safety of patient s data and continuity of healthcare is threatened by malicious software like ransomwares. Ransomware is a software that attacks the data storage of a hospital or healthcare system by taking advantage of loopholes in the cloud-based data infrastructure. To ensure safety of healthcare system s data, necessary and adequate measures must be put in place by healthcare organizations to prevent possible attacks in the future. This study employs a risk-based approach which integrates Patient Data Compromise Index (PDCI) and the Healthcare Disruption Index (HDI) to evaluate the impact of ransomware attacks on cloud-based hospital systems. Using Combined Impact Score (CIS), 50 anonymized UK hospital datasets were analysed to determine vulnerability severity and its effect on clinical operations. The study considered vulnerabilities with Common Vulnerability Scoring System (CVSS) ≥ 4.0, data exposure levels ≥ 0.70, and system downtimes ≥ 20 hours. The findings indicate that hospitals experiencing prolonged downtimes (≥ 40-hour) exhibited highseverity vulnerabilities (CVSS ≥ 8.0). Furthermore, lower CIS values correlated with reduced system susceptibility to ransomware-induced disruptions. The results highlight the necessity of implementing automated ransomware response mechanisms, Zero Trust Security Architecture, and data-driven threat detection to fortify cloud-based healthcare systems. This study advances healthcare cybersecurity by providing a structured, data-driven framework for detecting vulnerabilities and ensuring resilient healthcare operations against ransomware threats..