More than three-quarters (76%) of healthcare organizations experienced a successful ransomware attack over the past two years in which an attacker gained access to their protected healthcare information. And as you know, unlike in most other sectors, a ransomware attack against a healthcare provider—whether a hospital or a clinician—can have truly deadly consequences.
While startling in its own right, this is all even more troubling when paired with the rapid advancement of artificial intelligence (AI) technologies in 2023, especially generative AI. Unfortunately, access to these sophisticated tools isn’t limited to the good guys—tools like WormGPT are already making it easier for attackers to improve their social engineering with AI-generated phishing emails that are much more convincing than those we’ve previously learned to spot.
There’s no doubt that we’ll see more incredible advancements in AI in 2024, and healthcare organizations will benefit greatly, especially as they continue to transition to heterogeneous, multi-cloud environments. However, so will cybercriminals. It’s not out of the realm of possibility that we’ll even see them put AI into full effect with the first end-to-end AI-driven autonomous ransomware attacks, which strike with alarming efficiency and effectiveness and need little human interaction on the part of attackers.
Another concern for 2024 is targeted cell-level data corruption attacks, an evolution of traditional ransomware techniques in which code is secretly implanted deep within a victim’s database, where it lies in wait to covertly alter or corrupt specific but undisclosed data if the target refuses to pay a ransom. The real threat here is that victims won’t know what data, if any, has been altered or corrupted (the hackers could be bluffing) until after the repercussions set in, which effectively renders all their data untrustworthy. This type of attack is particularly dangerous when it comes to patient medical records, and this is what I fear the most. Imagine a malicious attack corrupting the data on the blood type or known allergies of patients.
All this to say: the ransomware threat is still very real, it’s not going anywhere and it must continue to be taken seriously. In fact, early evidence suggests 2023 saw more attacks than ever and they weren’t all focused solely on profit—many aimed simply at wreaking havoc. Defending against ransomware in 2024 should be a top priority.
Fighting Fire with Fire
More than two-thirds of organizations are looking to boost their cyber resiliency with the help of AI. But, given AI’s dual nature as a force for both good and bad, the question going forward will be whether organizations’ AI-powered protection can evolve ahead of hackers’ AI-powered attacks.
I’m optimistic it will. In fact, I believe AI-driven data management that does what healthcare IT teams can’t or don’t have the time to do is the future, and the future is now. Already, AI-driven anomaly detection and similar security measures that are part of a comprehensive data management strategy are helping healthcare organizations protect against the effects of ransomware in the ever-evolving threat landscape.
We’ll also soon see the emergence of AI-driven adaptive data protection. AI tools will be able to constantly monitor for changes in behavioral patterns to see if users might have been compromised. If the AI detects unusual activity, it can respond autonomously to increase the level of protection, for example by initiating more regular backups, sending them to differently optimized targets and, overall, creating a safer environment in defense against bad actors.
Tried and True Through and Through
While AI-driven autonomous and adaptive data management will be key to defending against the evolving ransomware threat, the following four proven best practices are also still crucial to ransomware resiliency:
- Implement true zero trust – Real zero trust is not simply a product or service—it’s a mindset that, in its simplest form, is about not trusting any devices or users by default, even if they are inside the corporate network. Zero trust encompasses many technologies, products, practices and features that need to be built into not only products and services, but company-wide culture and processes.
- Back up frequently and avoid a single point of failure – If you back up your data, system images and configurations frequently, you’ll always have an up-to-date place to resume operations when ransomware strikes. It’s important to follow the 3-2-1 backup rule: keep three or more copies of your data in different locations, using two distinct storage mediums and storing one copy off-site. And at least one of these copies should be on immutable (can’t be changed) and indelible (can’t be deleted) storage. It’s also important to restrict access to backups. With phishing attacks the most common entry point for ransomware, limiting the number of people who hold backup credentials can minimize room for error.
- Prepare for rapid recovery – As we’ve seen, post-ransomware recovery in unprepared organizations, even those that pay ransoms, can sometimes take weeks, months or even years because it can be a manual and labor-intensive process. But with the right tools, recovery can be orchestrated and automated so that it’s quick and flexible, for example by rapidly standing up a data center on a public cloud provider, which can shorten downtime and help you avoid paying a ransom. With effective systems in place, recovery times can be reduced to minutes.
- Develop a response plan and test it frequently – The middle of an attack is no time for ransomware response planning. Emotions run very high and there is a real patient care impact. Creating a ransomware response plan in advance will help you react appropriately and expeditiously in the event of an attack, thereby limiting the effects and scope of the crisis. Your plan should clarify roles and align and empower cross-functional teams with clear communication paths and response protocols. Test and rehearse your plan frequently. Centralized backup and recovery platforms can help you automate testing.
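The cell-level corruption scenario described earlier and the immutable backup copy recommended above meet in one practical check: a keyed digest per cell, taken at backup time and stored with the immutable copy, lets a team name exactly which cells differ instead of distrusting every record. The sketch below is an added example, not code from the author or any product; the record layout, field names, key and function names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: patient records as captured at backup time.
BACKUP_RECORDS = {
    "P-1001": {"blood_type": "O+", "allergies": "penicillin"},
    "P-1002": {"blood_type": "A-", "allergies": "none"},
}
# Constructed key; assumed to be stored away from the database host.
MANIFEST_KEY = b"constructed-demo-key"


def cell_digest(key, record_id, field, value):
    """HMAC one cell, bound to its record id and field name."""
    msg = "\x1f".join((record_id, field, str(value))).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_manifest(key, records):
    """Map (record_id, field) -> digest for every cell."""
    return {
        (rid, field): cell_digest(key, rid, field, value)
        for rid, row in records.items()
        for field, value in row.items()
    }


def find_changed_cells(key, manifest, live_records):
    """Return (record_id, field, status) for cells that differ from the manifest."""
    live = build_manifest(key, live_records)
    findings = []
    for cell in sorted(manifest.keys() | live.keys()):
        if cell not in live:
            status = "missing"
        elif cell not in manifest:
            status = "unexpected"
        elif hmac.compare_digest(manifest[cell], live[cell]):
            continue
        else:
            status = "altered"
        findings.append((cell[0], cell[1], status))
    return findings


if __name__ == "__main__":
    manifest = build_manifest(MANIFEST_KEY, BACKUP_RECORDS)
    live = {rid: dict(row) for rid, row in BACKUP_RECORDS.items()}
    live["P-1002"]["blood_type"] = "B+"  # constructed tampering for the demo
    print(find_changed_cells(MANIFEST_KEY, manifest, live))
```

Legitimate edits made after the backup also show up as changed, so findings have to be reconciled against the application’s own change log before a cell is treated as corrupted.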
Implementing the combination of AI-driven autonomous and adaptive data management along with these four tried and true best practices is the best way to ensure that you’re protecting your organization and its patients against ransomware in 2024 and beyond.
Rick Bryant is Healthcare CTO for Veritas Technologies.