IMPLEMENTING THREAT HUNTING STRATEGIES USING MITRE ATTACK FRAMEWORK
Abstract
The increasing adoption of cloud-based Electronic Health Records (EHRs) has transformed healthcare
by enhancing data accessibility, interoperability, and patient care efficiency. However, this transition
has also introduced new cybersecurity vulnerabilities, with ransomware emerging as a critical threat to
healthcare systems. Ransomware attacks disrupt medical services, compromise patient confidentiality,
and impose significant financial burdens on institutions. This study comprehensively examines
ransomware threats in cloud-based EHR environments by analyzing vulnerabilities, attack vectors, and
mitigation strategies through the NIST Cybersecurity Framework and MITRE ATT&CK Framework. A
quantitative analysis was conducted using datasets from the
U.S. Department of Health and Human Services (HHS), the Cybersecurity & Infrastructure Security
Agency (CISA), and the MITRE ATT&CK database. Key findings indicate a 67% increase in
ransomware incidents from 2018 to 2023, with credential theft (33.3%) and phishing (26.7%) as the
most exploited attack vectors. Recovery challenges were exacerbated by backup failures (hazard ratio
= 0.000, p = 0.127) and third-party risks (hazard ratio = 0.000, p = 0.030). To mitigate these risks, the
study advocates for a multi-layered cybersecurity approach, emphasizing Zero Trust Architecture, AI-
driven threat detection, immutable backups, and vendor risk management. The findings underscore the
need for collaboration among healthcare institutions, cybersecurity professionals, and policymakers to
strengthen resilience against evolving ransomware threats. By integrating structured cybersecurity
frameworks and proactive defense mechanisms, healthcare organizations can enhance data security,
ensure compliance, and minimize operational disruptions.