Machine Learning Models for Predicting Ransomware Attacks on Critical Public Health Infrastructure: A Cross-National Study

Abstract

Machine learning (ML) models have emerged as powerful tools in cybersecurity, offering proactive threat detection and risk mitigation capabilities. This study examines the effectiveness of ML models in predicting ransomware attacks on critical public health infrastructure across multiple countries. Ransomware attacks pose a significant threat to hospitals, laboratories, and emergency response systems, disrupting essential healthcare services and jeopardizing patient safety. Our research employs a cross-national dataset comprising attack patterns, network vulnerabilities, socio-economic indicators, and geopolitical risk factors to develop predictive models for early threat detection. We utilize supervised learning techniques, including decision trees, random forests, support vector machines, and deep learning architectures, to assess their predictive accuracy in identifying ransomware threats. The study incorporates feature engineering methods to extract key predictors, such as anomalous network traffic, phishing email indicators, and system configuration weaknesses. Additionally, we evaluate the role of external variables, including cyber hygiene policies, national cybersecurity readiness, and health sector digitalization levels, in shaping ransomware susceptibility. Model performance is benchmarked using precision, recall, F1-score, and area under the receiver operating characteristic curve (AUC-ROC) to ensure robustness and generalizability across diverse healthcare environments. Findings suggest that ensemble-based models, particularly random forests and gradient boosting techniques, outperform traditional classifiers by capturing complex attack patterns and reducing false positives. Cross-national comparisons reveal significant variations in ransomware vulnerability, influenced by policy frameworks, technological preparedness, and cybercrime enforcement mechanisms. The study highlights the need for integrating AI-driven cybersecurity solutions with existing healthcare IT infrastructures to enhance resilience against ransomware threats. Furthermore, it underscores the importance of international collaboration in threat intelligence sharing and policy harmonization to counteract evolving cyber threats. The insights from this research provide valuable contributions to public health security, guiding policymakers, cybersecurity professionals, and healthcare administrators in implementing ML-driven preventive measures. Future work will explore federated learning approaches to improve privacy-preserving threat detection and assess adversarial attacks on ML models to enhance their robustness in real-world applications.