Because ransomware attacks usually involve some type of social engineering such as phishing to lure unsuspecting victims into clicking on a malicious link in email, a purely technical prevention strategy is not effective, according to a best practice paper published in Applied Clinical Informatics.
Such efforts in healthcare must focus on the proper implementation and maintenance of IT, as well as educating those who use it. Organizations tend not to make attack details public, preventing the industry from learning how to protect itself.