By Diana Salazar, Product Marketing Manager for Enterprise Data Protection, Quantum
Ransomware is rarely out of the news these days. It was back in the headlines recently with the Colonial Pipeline reporting that malware was discovered on its computer systems, significantly disrupting the gas supply system on the East Coast of the United States.
This was followed soon after by an attack on meatpacker JBS USA, which ended up paying an $11 million ransom to get its North American and Australian operations back up and running. Then earlier in June, the non-profit public hospital University Medical Center (UMC) in Las Vegas fell victim to a ransomware attack when an alleged ransomware gang hacked into the hospital’s computer network and exfiltrated data. The group that claimed to have hacked UMC has been responsible for multiple high-profile attacks.
These attacks – and others like them – were perpetrated by hackers who infiltrate an organization’s IT infrastructure and hold its data hostage until a ransom is paid. Attacks often leave organizations helplessly locked out of their systems, endangering patients who need care. The fallout of this sort of attack can be incredible, potentially causing a spiralling effect on businesses and the general public.
These events should come as no surprise. Cybersecurity professionals have been sounding the alarm on nation-state and financially motivated attacks for well over a decade. With these types of attacks set to continue, organizations must ensure that they’re prepared to defend themselves and their critical data. In today’s world, the healthcare industry simply can’t afford to overlook data security.
In the crosshairs
In 2020 alone, ransomware attacks cost U.S. healthcare organizations $20.8 billion in lawsuits, ransoms paid, lost revenue, fees to rebuild lost data and more. 18 million patient records were affected nationally – a 470% increase from 2019 – as part of 92 individual ransomware attacks targeting 600 clinics, hospitals, and healthcare organizations.
In addition, the FBI recently identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks. Conti typically steals victims’ files and encrypts the servers and workstations in an effort to force a ransom payment from the victim, with ransom demands going as high as $25 million.
These figures illustrate the rising cyber threat facing the healthcare sector, a trend that’s being driven by several factors. For example, the critical nature of healthcare data – i.e., patient records – makes it an attractive and valuable target for cyber criminals. The interconnected and digital nature of modern healthcare makes infrastructures more vulnerable to attacks such as ransomware, with the accelerating pace of digital transformation leaving security gaps that simply can’t be patched quickly enough.
As the majority of healthcare innovation is focused on improving patient care, organizations are attempting to secure increasingly disparate and complex networks with the same security budget. This presents a perfect storm of threats that’s leaving healthcare organizations on the back foot – not to mention putting patient welfare at risk.
The big question is: with these types of attacks set to continue, what steps must healthcare organizations take to adequately secure their digital infrastructures from ransomware?
The big challenge facing healthcare organizations is that there is no “tried and true” way to stop hackers from exfiltrating data once they’ve managed to gain access to a network. If the network has been infiltrated, the best defense is to put in place several ‘security check points’ or ‘roadblocks’ to slow the attack and provide time to shut down systems, which is how Colonial Pipeline responded.
However, for them, stopping the spread ultimately did not mitigate the damage. The attackers locked Colonial out of its systems, made its data inaccessible, and demanded ransom – costing the company lost revenue, loss of public trust, and lost time. In the end, the ransomware gang responsible for the attack stole nearly 100 gigabytes of business-critical data and threatened to leak it onto the internet. With this in mind, healthcare organizations must take steps to prevent a breach – or at least to reduce the probability of a major shutdown and data exfiltration.
The first step is establishing a solid backup strategy that includes an offline copy, as recommended by the FBI. This ensures access to data won’t be compromised if a hack occurs. This can be achieved by looking at the backup strategy holistically across the entire environment and rigorously testing the recovery method. Tier data off to a cold data solution, whether on-premises or in the cloud, as soon as it has fulfilled its value, and be prepared to take a multi-layer approach to protect and recover backups. The 3-2-1-1 rule has proven to be extremely effective: keep three copies of the data, using two different storage media types (object, flash, HDD, SSD, or tape), one offsite (physically separate from the building, such as at a disaster recovery site), and one offline (completely disconnected from the network).
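As an added illustration (not part of the original article), the sketch below audits a backup inventory against the 3-2-1-1 rule described above and also flags an offline copy with no recent restore test. The site labels, the 90-day test threshold, the sample inventory, and the choice to count the production copy as one of the three are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

PRIMARY_SITE = "hq"       # constructed label for the production building
MAX_TEST_AGE_DAYS = 90    # assumed policy threshold, not from the article

@dataclass(frozen=True)
class BackupCopy:
    dataset: str
    media: str                          # e.g. "hdd", "object", "tape"
    site: str                           # where the copy physically lives
    online: bool                        # False = disconnected from the network
    last_restore_test: Optional[date]   # None = never restored in a test

def audit(copies, today):
    """Return {dataset: [failed 3-2-1-1 requirement, ...]}."""
    by_dataset = {}
    for c in copies:
        by_dataset.setdefault(c.dataset, []).append(c)
    findings = {}
    for name, group in sorted(by_dataset.items()):
        failed = []
        if len(group) < 3:
            failed.append("fewer than 3 copies")
        if len({c.media for c in group}) < 2:
            failed.append("fewer than 2 media types")
        if all(c.site == PRIMARY_SITE for c in group):
            failed.append("no offsite copy")
        offline = [c for c in group if not c.online]
        tested = [c for c in offline if c.last_restore_test
                  and (today - c.last_restore_test).days <= MAX_TEST_AGE_DAYS]
        if not offline:
            failed.append("no offline copy")
        elif not tested:
            failed.append("offline copy has no recent restore test")
        findings[name] = failed
    return findings

# Constructed inventory for illustration only.
TODAY = date(2021, 7, 1)
SAMPLE = [
    BackupCopy("ehr", "hdd", "hq", True, None),
    BackupCopy("ehr", "object", "cloud-east", True, date(2021, 5, 1)),
    BackupCopy("ehr", "tape", "vault", False, date(2021, 6, 1)),
    BackupCopy("pacs", "hdd", "hq", True, None),
    BackupCopy("pacs", "object", "cloud-east", True, None),
    BackupCopy("billing", "hdd", "hq", True, None),
    BackupCopy("billing", "tape", "vault", False, date(2020, 12, 1)),
]
```

Calling `audit(SAMPLE, TODAY)` returns an empty list for a compliant dataset and the list of unmet requirements for the others.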
Next, focus on prevention. By understanding your risk profile, identifying possible entry and exit points, reducing the attack surface and hardening systems as much as possible, healthcare organizations can significantly reduce the risk.
Businesses must also review their cyber-hygiene. Simple activities such as regularly scanning the infrastructure for vulnerabilities, quickly remediating the findings, and understanding the threat landscape to identify the biggest potential vulnerabilities can make a significant difference.
Finally, it’s important that organizations invest not only in training personnel and preparing for an attack in their business continuity plans, but also that they test, test again, and conduct even more testing to ensure that the network is secure and can withstand an attack.
As the rising rate of ransomware attacks shows, it has never been more important for healthcare organizations to choose the right solution that can help secure their modern network infrastructures. An effective technology solution should provide data “immutability” to protect and recover critical assets in the case of a breach and ensure that vital patient services are not affected.