All reviews of published articles are made public. This includes manuscript files, peer review comments, author rebuttals and revised materials. Note: This was optional for articles submitted before 13 February 2023.
Peer reviewers are encouraged (but not required) to provide their names to the authors when submitting their peer review. If they agree to provide their name, then their personal profile page will reflect a public acknowledgment that they performed a review (even if the article is rejected). If the article is accepted, then reviewers who provided their name will be associated with the article itself.
Thank you for submitting to PeerJ.
[# PeerJ Staff Note - this decision was reviewed and approved by Vicente Alarcon-Aquino, a PeerJ Section Editor covering this Section #]
no comment
no comment
no comment
All the comments are successfully resolved by the authors.
All the comments are successfully resolved by the authors.
All the comments are successfully resolved by the authors.
All the comments are successfully resolved by the authors.
Please follow the reviewer comments.
**PeerJ Staff Note:** Please ensure that all review, editorial, and staff comments are addressed in a response letter and that any edits or clarifications mentioned in the letter are also inserted into the revised manuscript where appropriate.
Nice work, good job team, some grammar and spelling errors can be fixed!
No comment
No comment
The review is well within the scope of the journal.
The article provides a high-level descriptive text on ransomware attacks in the healthcare sector. What is missing is the inner workings of each of the listed ransomware strains and how these impact the sector in their own ways.
Consequently, a dictionary of terminology is presented, and the effort appears to be shallow.
Design is well placed and the number of papers analysed is sound.
The depth of analysis is where the draft falls apart. It would be good to see substance in the arguments when it comes to comparing various types of ransomware strains and then presenting the respective impacts of each of these individual strains on the sector.
Valid but superficial.
Please take special care to address all the items raised by Reviewer 3.
**PeerJ Staff Note:** Please ensure that all review and editorial comments are addressed in a response letter and that any edits or clarifications mentioned in the letter are also inserted into the revised manuscript where appropriate.
**Language Note:** The review process has identified that the English language must be improved. PeerJ can provide language editing services - please contact us at [email protected] for pricing (be sure to provide your manuscript number and title). Alternatively, you should make your own arrangements to improve the language quality and provide details in your response letter. – PeerJ Staff
Nice work regarding healthcare sector safeguarding! Some of my suggestions to authors are:
I. Use of a table can be included for all RQs described.
II. Limitations of the study can be pointed out as a sub-section.
III. Methodology can be elaborated further on top of just various studies [31-34].
IV. Use of images, graphs, and figures (in some sections) can be more insightful.
-
-
Introduction does provide some level of guidance on the paper's theme. However, the draft itself falls well short of expectations.
A literature review is organised and presented by the authors to address ransomware attacks in the healthcare domain.
60 papers were evaluated.
line 89 to 92 - the first occurrence of any acronym is better expanded and referenced. This applies throughout the manuscript.
The Background section is not entirely organised and the relevance to the core theme of ransomware is not fully captured.
What is the role of NLP or AI for ransomware attacks?
Not much is discussed regarding the workings of a ransomware attack and how it is different in a healthcare setting.
A significant portion of the next section is on RQs and their responses. Not sure if this is a good strategy for a review paper. It could be better organised as a list of RQs with reference to sections that follow.
line 437 - abrupt introduction to PEDA - with little to no background and relevance to a ransomware attack.
line 510 - references missing
Overall, the paper is poorly structured, has little to no organisation, and low contribution to the ransomware in the healthcare field of study.
A significant amount of research work is further warranted to bring this draft up to a presentable form.
-
The manuscript’s English is generally understandable but requires significant improvement for professional clarity and accessibility. There are grammatical errors, awkward phrasings, and repetitive sentences that hinder readability. Examples include:
Page 7, Line 69: “The ransomware attack has significantly affected the healthcare sector, with adverse results in extracting confidential and sensitive patient information” is awkwardly phrased. Consider revising to: “Ransomware attacks have severely impacted the healthcare sector by compromising confidential patient data.”
Page 8, Line 105: “Beyond its role in scientific inquiry, LR merges and synthesizes previous research efforts” is unclear. A clearer version could be: “The literature review synthesizes prior research to provide insights.”
Page 13, Line 314: “Furthermore, ransomware attacks represent significant threats in the healthcare sector, employing diverse strategies to infiltrate and encrypt sensitive hospital information” is redundant with earlier statements. Recommendation: The authors should engage a professional editing service or a proficient English speaker to revise the manuscript for grammar, clarity, and conciseness. Eliminate repetitive phrases and ensure consistent terminology (e.g., “ransomware attack” vs. “ransomeware” on Page 36, Table 6).
Introduction & background to show context. Literature well referenced & relevant:
The introduction effectively highlights the vulnerability of the healthcare sector to ransomware attacks, emphasizing their financial, operational, and patient care impacts (Page 6, Lines 15-21). The background section reviews relevant literature, citing studies on AI, IoMT, and threat modeling (Page 8, Lines 129-175). However, the literature review is somewhat disorganized, jumping between general cybersecurity and healthcare-specific issues without clear transitions. Some references are recent (e.g., 2024 citations), but others are less relevant to healthcare-specific ransomware (e.g., [31] focuses on IoT). The novelty of the study is stated (Page 7, Lines 76-86), but the gap analysis could be more specific about shortcomings in prior reviews.
Recommendation: Reorganize the Background section with subheadings (e.g., “General Cybersecurity Threats,” “Healthcare-Specific Ransomware Challenges”) to improve flow. Provide a more detailed critique of prior reviews to justify the need for this study. Include additional healthcare-focused references from 2022-2024 to strengthen relevance.
Structure conforms to PeerJ standards, discipline norm, or improved for clarity:
The manuscript follows PeerJ’s structure for literature reviews, with sections for Introduction, Background, Methodology, Results (via research questions), and Taxonomy. However, the organization within sections could be improved. For example, the Methodology section (Page 10) mixes research objectives, questions, and search strategy without clear delineation, and the Results section (Pages 12-15) is fragmented across research questions. The taxonomy (Page 52, Figure 3) is a key contribution but is not sufficiently described in the text.
Recommendation: Add subheadings in the Methodology section to separate objectives, questions, and search strategy. Integrate a dedicated Discussion section to synthesize findings across RQs before the Conclusion. Provide a detailed explanation of the taxonomy in Section 5 to clarify its components.
Is the review of broad and cross-disciplinary interest and within the scope of the journal?
The review is highly relevant to PeerJ Computer Science, addressing a critical cybersecurity issue in healthcare, a sector of broad interest. Its cross-disciplinary focus (cybersecurity, healthcare, regulatory compliance) aligns with the journal’s scope.
Recommendation: Emphasize the cross-disciplinary implications (e.g., for healthcare policymakers, IT professionals) in the Introduction to broaden appeal.
Has field been reviewed recently? Is there a good reason for this review?
The manuscript cites recent reviews (e.g., [31-34]) but argues that prior studies lack a comprehensive focus on healthcare-specific ransomware, particularly regarding taxonomy and regulatory implications (Page 7, Lines 76-86). This justifies the review, though the authors could better articulate how their taxonomy and regulatory analysis differ from existing work.
Recommendation: In the Introduction, explicitly compare this review’s scope (e.g., taxonomy, HIPAA compliance) with prior reviews to clarify its unique contribution.
Introduction adequately introduces the subject and makes audience and motivation clear:
The introduction clearly outlines the ransomware threat to healthcare, supported by statistics (e.g., 300% increase in attacks since 2015, Page 7, Line 54). The motivation—to address financial, operational, and regulatory impacts—is evident. However, the audience (e.g., cybersecurity researchers, healthcare administrators) is not explicitly defined.
Recommendation: Specify the target audience in the Introduction (e.g., “This review targets cybersecurity researchers, healthcare IT professionals, and policymakers”). Clarify how the findings can inform practical solutions.
Figures are relevant, high quality, well labelled & described:
The manuscript includes three figures, which are relevant but vary in quality:
Figure 1 (Page 49): The research objectives diagram is clear but simplistic, lacking detailed labels for components like “Analysis” or “Reporting.”
Figure 2 (Page 50): The PRISMA diagram is well-executed, clearly showing the study selection process (1700 to 60 papers).
Figure 3 (Page 52): The taxonomy of ransomware attacks is a key contribution but lacks a detailed textual explanation, making it hard to interpret independently. The 12 tables are comprehensive, summarizing ransomware types, impacts, prevention strategies, and regulatory implications. However, some tables (e.g., Table 6, Page 36) have formatting issues (e.g., “ransomeware” typo, inconsistent column alignment) and incomplete data (e.g., missing encryption details for Crypto ransomware).
Recommendation: Enhance Figure 1 with detailed labels and a caption explaining each component. Provide a thorough textual description of Figure 3 in Section 5, linking it to the RQs. Correct typos and formatting issues in tables (e.g., Table 6). Ensure all table entries are complete (e.g., specify encryption techniques where missing).
Raw data supplied (see PeerJ policy):
The manuscript does not explicitly state whether raw data (e.g., extracted articles, quality assessment scores) are provided. The supplemental files are mentioned (Page 1), but their accessibility and metadata are unclear.
Recommendation: Confirm that raw data (e.g., list of 60 papers, quality assessment scores) are included as supplemental files with descriptive metadata. Add a brief statement in the Methodology section describing the data’s availability.
Article content is within the Aims and Scope of the journal:
The manuscript aligns with PeerJ Computer Science’s focus on cybersecurity and healthcare IT, addressing ransomware attacks, prevention strategies, and regulatory frameworks. The systematic literature review (SLR) approach is appropriate for the journal’s scope.
Rigorous investigation performed to a high technical & ethical standard:
The SLR follows PRISMA guidelines (Page 50, Figure 2), and the quality assessment by two authors (Page 12, Line 275) enhances rigor. The search strategy is comprehensive, covering multiple databases (ACM, IEEE, Springer, etc.) and a 2016-2024 timeframe (Page 11, Lines 237-244). However, ethical considerations (e.g., transparency in data extraction) are not explicitly addressed, and the quality assessment criteria (Page 12, Lines 276-289) are vague (e.g., “Integration and Analysis of the data” lacks specificity).
Recommendation: Add a statement on ethical practices (e.g., transparency in study selection, conflict of interest disclosure) in the Methodology section. Clarify the quality assessment criteria with specific examples (e.g., what constitutes “Integration and Analysis”).
Methods described with sufficient detail & information to replicate:
The methodology outlines the search strategy, inclusion/exclusion criteria, and study selection process (Page 11, Lines 214-263). The PRISMA diagram (Figure 2) clearly illustrates the filtering process (1700 to 60 papers). However, some details are insufficient:
The search string (Page 11, Lines 217-222) is provided, but the specific databases queried (e.g., Web of Science, Scopus) are only partially listed in Table 3.
The quality assessment process (Page 12, Lines 276-289) lacks detail on how scores were calculated or disagreements resolved.
The taxonomy’s development process (Page 52, Figure 3) is not explained, limiting replicability.
Recommendation: List all databases queried in the Methodology section, not just in Table 3. Describe the quality assessment process in detail (e.g., how scores were aggregated, how conflicts were resolved). Explain the methodology for developing the taxonomy (e.g., thematic analysis, expert input).
Is the Survey Methodology consistent with a comprehensive, unbiased coverage of the subject?
The SLR methodology is systematic, using a broad search string and multiple databases to ensure comprehensive coverage. The inclusion criteria (e.g., healthcare focus, 2016-2024) and exclusion criteria (e.g., non-English, non-ransomware studies) are appropriate (Page 11, Lines 230-244). However, the reliance on only 60 papers may miss some relevant studies, and the exclusion of non-English articles could introduce bias. The quality assessment criteria favor highly cited papers (Page 12, Line 287), potentially overlooking newer, less-cited but relevant studies.
Recommendation: Justify the selection of 60 papers and consider expanding the sample if feasible. Acknowledge the limitation of excluding non-English studies. Revise the quality assessment to reduce bias toward highly cited papers (e.g., include a criterion for methodological rigor).
Are sources adequately cited? Quoted or paraphrased as appropriate?
Sources are generally cited appropriately, with references supporting claims about ransomware types, impacts, and prevention strategies (e.g., [7], [13], [17]). However, some claims lack citations (e.g., Page 13, Line 300: “emphasizing the importance of regular software updates” is not referenced). Paraphrasing is adequate, but direct quotes are rare, which is appropriate for a literature review.
Recommendation: Add citations for unsupported claims (e.g., software updates on Page 13). Ensure all factual statements are backed by references.
Is the review organized logically into coherent paragraphs/subsections?
The review is logically organized around six research questions (RQs) (Page 28, Table 2), but the Results section (Pages 12-15) is fragmented, with each RQ addressed separately without synthesis. The Background section lacks clear transitions between topics (Page 8, Lines 129-175). The taxonomy (Section 5) is a standalone figure without sufficient integration into the narrative.
Recommendation: Add a Discussion section to synthesize findings across RQs, highlighting common themes (e.g., phishing as a propagation method). Use subheadings in the Background section to improve coherence. Integrate the taxonomy into the Results section with a detailed explanation.
Impact and novelty is not assessed. Meaningful replication encouraged where rationale & benefit to literature is clearly stated:
The manuscript claims novelty through its comprehensive taxonomy, regulatory analysis, and focus on healthcare-specific ransomware (Page 7, Lines 76-86). The replication of prior findings (e.g., ransomware types like WannaCry, Locky) strengthens credibility. The taxonomy (Figure 3) is a novel contribution, but its development and practical utility are underexplored.
Recommendation: Provide a detailed explanation of the taxonomy’s development and potential applications (e.g., for healthcare IT training) in Section 5. Compare the taxonomy with existing frameworks to highlight its uniqueness.
Conclusions are well stated, linked to original research question & limited to supporting results:
The conclusions (Section 6, not fully provided in the document) are referenced as summarizing key insights (Page 8, Line 123). The findings address all RQs, covering ransomware types (RQ2), impacts (RQ3), prevention strategies (RQ4), and regulatory implications (RQ5). However, the conclusions are likely brief, as the document truncates before fully detailing them. The lack of a Discussion section limits synthesis across RQs.
Recommendation: Ensure the Conclusion explicitly addresses all RQs, summarizing key findings (e.g., dominant ransomware types, most effective prevention strategies). Add a Discussion section to integrate findings and discuss implications.
Is there a well developed and supported argument that meets the goals set out in the Introduction?
The manuscript achieves its goals of analyzing ransomware types, impacts, prevention strategies, and regulatory implications (Page 7, Lines 76-86). Tables 6-12 provide robust evidence, summarizing ransomware variants, impacts, and frameworks. However, the argument is weakened by fragmented presentation and limited synthesis. The taxonomy’s role in advancing the field is not fully articulated.
Recommendation: Strengthen the argument by synthesizing findings in a Discussion section, linking ransomware types, impacts, and prevention strategies. Clarify how the taxonomy addresses gaps in prior research.
Does the Conclusion identify unresolved questions / gaps / future directions?
The Conclusion (partially described) likely identifies future directions, as the study mentions exploring unresolved challenges (Page 8, Line 123). However, specific gaps (e.g., limitations of ML/DL techniques, scalability of blockchain solutions) are not detailed in the provided text.
Recommendation: Ensure the Conclusion lists specific unresolved questions (e.g., “How can ML models be trained on diverse healthcare datasets?”) and future research directions (e.g., lightweight blockchain for resource-constrained hospitals).
The manuscript addresses a critical issue in healthcare cybersecurity, with a comprehensive focus on ransomware types, impacts, prevention strategies, and regulatory implications.
The SLR methodology is rigorous, following PRISMA guidelines and covering multiple databases (Page 50, Figure 2).
The taxonomy (Figure 3) is a novel contribution, offering a structured framework for understanding ransomware attacks in healthcare.
The tables (e.g., Table 6 on ransomware variants, Table 12 on cybersecurity frameworks) are detailed and well-organized, providing valuable summaries.
The focus on regulatory compliance (e.g., HIPAA, GDPR) adds practical relevance for healthcare organizations.
All text and materials provided via this peer-review history page are made available under a Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.