Ransomware attacks continue to wreak havoc on all types of organizations across almost every industry. The healthcare sector in particular has emerged as one of the top targets for ransomware gangs, and the impact can be more dire than for most others. According to new research by Tenable, ransomware is responsible for 46% of all data breaches in the healthcare sector, compared to 35% of data breaches across all verticals.
Just last month, a major hospital in Maryland lost access to a variety of its IT systems after a ransomware attack. It took officials a full month to restore the hospital’s Electronic Health Record system. Even worse, in October, six separate hospitals across the US – from Oregon to New York – were infected with ransomware within a 24-hour period. The event was severe enough to prompt the US Cybersecurity and Infrastructure Security Agency to issue an advisory to healthcare organizations warning about the rising risk of ransomware.
When hospitals and healthcare providers fall victim to ransomware, they often lose access to critical IT systems, slowing down or even temporarily stopping operation. The malware can take months to fully remove, too often subjecting the organization to significant economic loss. Emsisoft published a report finding that, in 2019, ransomware attacks on healthcare organizations each lasted an average of 287 days and cost an average of $8.1 million.
During a deadly global pandemic, it’s not just the healthcare organization’s bottom line that is in jeopardy, but also patient health. Ransomware attacks can severely disrupt operations for hours or even days, putting patients’ lives at risk. With ICUs across the country now reaching capacity with COVID patients, the stakes are higher than ever.
Malware defenses such as firewalls and employee phishing training are critical, but by themselves they often fail to stop attacks. Ransomware needs to only get through once to infiltrate and cripple an organization. Over the past couple years, hackers have innovated the means to circumvent endpoint security software and elude seasoned IT staff and well-trained users. Email is the most common attack vector, with victims deceived into either providing corporate login credentials (a phishing attack) or downloading an infected file. In the past, these types of emails were easy to spot, but that’s not so true anymore. In advanced whaling attacks, cybercriminals credibly imitate C-level and other high-ranking executives, bypassing spam filters and increasing the likelihood of fooling employees. These sophisticated email-based ransomware attacks can even include personal details taken from social media profiles. In the healthcare sector, such emails may promise information about COVID vaccines or PPE availability. This increases their urgency and authenticity, thus boosting the chances that an employee will take the bait.
Ultimately, the only way for healthcare organizations to really guard against ransomware is to protect data where it lives – at the storage layer.
Healthcare organizations must leverage immutable storage to protect their backup data. This is the only approach that can ensure rapid recovery from ransomware attacks, without the need to pay ransom. Fortunately, immutable storage is both cost effective and easy to use: Once a backup data copy is written, that backup cannot be altered or erased, which makes it impossible for ransomware to encrypt that data. If a ransomware attack does occur, organizations can quickly restore from the most recent backup via a simple recovery process. There’s no need to pay a ransom, no downtime and, most importantly, far less disruption in patient care.
Ransomware-proof storage can be achieved through the use of Object Lock, a new feature that is supported by select enterprise storage systems. Because Object Lock leverages the industry-standard S3 API, there are a variety of storage vendors, data protection software vendors and cloud providers that support it. With Object Lock-enabled systems, your backup data can be protected from ransomware as part of an automated workflow, with no manual intervention required.
Ransomware isn’t going away, as attacks continue to increase. Before the COVID pandemic, cybercriminals had already begun to target the healthcare sector – they knew that healthcare providers prioritize patient care and assumed these providers would be more likely to pay ransom as a result. With the coronavirus outbreak, the industry is under much greater pressure, and ransomware gangs have capitalized by significantly stepping up their attacks. Fortunately, with Object Lock-enabled storage, we have the means to eliminate ransom payments and thereby stop these attacks for good.
About Gary Ogasawara
Gary Ogasawara is Cloudian’s Chief Technology Officer, responsible for setting the company’s long-term technology vision and direction. Before assuming this role, he was Cloudian’s founding engineering leader. Prior to Cloudian, Gary led the Engineering team at eCentives, a search engine company. He also led the development of real-time commerce and advertising systems at Inktomi, an Internet infrastructure company. Gary holds a Ph.D. in Computer Science from the University of California at Berkeley, specializing in uncertainty reasoning and machine learning.