RPaaS: How to Defend Against Ransomware Attacks in Healthcare

Updated on July 12, 2022

By John Gray

For the past 11 years, healthcare had the highest cost of data breaches out of any industry. In fact, this data theft averaged $9.2 million in 2021. 

Ransomware, which aims to steal data that is financially valuable, can cost businesses an average of $4.6 million. And that doesn’t even include the ransom. From notifying medical system users to spending time to fix the problem to tarnishing an organization’s reputation, exposing sensitive medical information has heavy consequences for the healthcare industry.

A proper defense for ransomware needs to include an all-encompassing strategy, leading organizations from preventative measures to recovery and restoration. Ransomware Protection as a Service(™) (RPaaS(™)) provides healthcare systems with protection, detection and recovery strategies to keeps operations running and most importantly, avoids paying the ransom. 

Taking a proactive approach

Too often, organizations have recovery strategies but lack preventative ransomware strategies. According to InterVision’s Pulse survey, nearly half (46%) of IT decision-makers prioritize ransomware recovery strategies over preventative measures.

Recovery is just one part of ransomware protection, especially as medical information evolves to become more electronic and telehealth grows in popularity. Cybercriminals target the healthcare industry with its regulated, sensitive and many times life-dependent data as one of the most valuable data targets. In fact, Personal Health Information can be worth almost twenty times more than a credit card. 

Healthcare systems need to shift their mindsets and prepare for when — not if — they will fall victim to a ransomware attack. Stopping a threat before it infiltrates IT systems should be the first step to ransomware protection. Working with a partner to implement RPaaS can prevent healthcare organizations from becoming one of the 148 healthcare organizations that suffered a ransomware attack in 2021.

Implementing an all-encompassing strategy

Healthcare groups need peace of mind that their patients and their PHI data will be safe. The last thing a patient should worry about is threats to their health providers’ IT systems. Enabling RPaaS focuses on three components: protection, detection and recovery. Taking a look at each component individually reveals an all-encompassing strategy for keeping systems secure from ransomware threats.


Putting an emphasis on protection efforts makes it easier for companies to handle ransomware attacks. Protection is implemented in two areas: security monitoring and end-user education. Many internal IT teams are already overwhelmed by their daily activities. To contend with scant resources, health systems can partner with a vendor who continuously monitors threats with advanced tools like security information and event management (SIEM) and endpoint detection and response (EDR), both of which identify and contain threats to provide protection and detection. These solutions monitor malware threats 24/7 and are typical offerings from a good Security Operations Center as a Service (SOCaaS) provider.

The other facet of protection is educating employees on proper cybersecurity practices. Tools can protect companies up to a point, but teaching employees what to do to avoid a potential breach will have long-term benefits. Stopping even one employee from opening a phishing email can ease the stress on RPaaS and avoid going into the recovery phases.


Once preventative measures are put in place, the RPaaS team is there to seek out any potential threats that might have passed through. Endpoint detection and response (EDR) monitors the data from the devices on an organization’s network. Any computers, phones and even electronic health records could be pathways for bad actors to breach data. If this happens, monitoring tools can quickly stop the incident from spreading to any other system.


IBM calculated that it took an average of 75 days to contain a data breach, and that was only once it was discovered — after an average of 212 days. Healthcare organizations can’t afford this downtime. Even with preventative measures, teams must acknowledge that some threats will infiltrate the system. In other words, they must have a recovery plan. Recovering from a breach involves steps ahead of time to prepare. In RPaaS, two other services are involved in this stage: Disaster Recovery as a Service (DRaaS) and Backup as a Service (BaaS). 

Having RPaaS can protect systems and detect threats ahead of time, decreasing downtime. Updating backups ahead of time will also allow healthcare organizations to continue working, even with ransomware trapping data. The more an organization is prepared for an attack, the smoother the recovery process will be.

With valuable data and resources, healthcare organizations will always be a big target for attackers. Working with a trusted RPaaS partner promises a comprehensive approach to ransomware protection that can save money, protect sensitive data and enable business continuity. 


About the Author

John Gray is CTO of InterVision, a company that, as a leading strategic services provider, delivers and supports complex IT solutions for mid-to-enterprise and public sector organizations. For 25 years, the company has guided clients through any stage of their technology journeys, using one of the most comprehensive product portfolios of managed IT service offerings available.

The Editorial Team at Healthcare Business Today is made up of skilled healthcare writers and experts, led by our managing editor, Daniel Casciato, who has over 25 years of experience in healthcare writing. Since 1998, we have produced compelling and informative content for numerous publications, establishing ourselves as a trusted resource for health and wellness information. We offer readers access to fresh health, medicine, science, and technology developments and the latest in patient news, emphasizing how these developments affect our lives.