September 16, 2019
By Ryan Weeks
Ransomware is malicious software that denies access to data or systems until a ransom is paid. While it sounds like something out of a movie, it is a very real and widespread threat. Hackers don’t discriminate, they attack where they believe there is valuable data and individuals willing to pay to regain access to it. This makes healthcare organizations prime targets.
According to Cyber Pulse: The State of Cybersecurity in Healthcare, one in four healthcare organizations were hit by ransomware in 2018, and by 2020 that number is expected to quadruple. Healthcare organizations are prone to ransomware attacks because there is an increased likelihood of payment due to the life-threatening consequences that can arise when patient data and hospital systems cannot be accessed. It is no longer a matter of whether an organization will be hit by ransomware, but rather when. So what are the consequences for healthcare organizations infected with ransomware and how can healthcare organizations prepare for the inevitable?
The costly effects of a ransomware attack
Behind the scenes, cybercriminals are continuously at work attempting to infect organizations’ hard drives all around the world with malware and ransomware through tactical phishing campaigns. Rather than targeting a single individual, attacks are directed at a large pool of people, in the hopes that a small percentage become infected. The phishing campaigns impersonate everyday services and communications, sharing fake documents or folders, in an attempt to infect computers. Once clicked, the system is then infected with ransomware, blocking their computer system or personal files. Hackers then demand ransom amounts that are not exorbitant to a single victim, but a rather sizable amount that is profitable and more likely to be paid than not.
The scary truth is that entire healthcare organizations are at risk of falling victim to ransomware, locking healthcare providers out of important patient data. Diagnoses, treatment plans, and patient history are all vital to ensure a patient receives the best care possible. When that information isn’t readily available, patients and providers are put in precarious positions. People’s lives depend on healthcare providers’ ability to access patient information. When that information isn’t accessible, there is an increased risk of medical errors, wasted time due to lack of efficient processes, and duplicate tests conducted to account for missing information.
In addition to the lives at risk when patient data is down, according to Gartner, the average cost of enterprise network downtime is $5,600 per minute, which equals more than $300,000 per hour. For many organizations, an unexpected cost of $300,000 per hour (for an undetermined amount of time) can cripple operations. Addressing a business’s digital health ahead of an attack can help minimize, and in some cases, prevent downtime all together.
Planning for the inevitable
There are three proactive measures companies must follow to prepare for and defend against ransomware: education, implementation of antivirus software and adoption of total data protection tools.
The first layer of defense is educating employees on what ransomware is and what to expect from an attack. A ransomware prevention program can educate individuals about the dangers of social engineering, phishing campaigns, and best practices for determining whether or not to open an email attachment. Organizations need to teach their employees how to spot anomalies in their networks and best practices for how to respond. That said, even the most educated people are not immune to human error and education on its own is not an adequate solution.
The second layer of ransomware defense is antivirus protection. If a malicious link or attachment is clicked or downloaded, antivirus will often save a system from a full-blown infection. Antiviruses are imperative but not invincible, as new strains of ransomware are being created at a rate higher than the antivirus solutions to protect against them. This makes it crucial for organizations to understand where vulnerabilities exist within the systems and networks in order to keep pace with the speed at which cybercriminals are working.
Total data protection
What most people do not realize is that ransomware can lay dormant in a system for long periods of time until it is activated. Therefore, a data protection solution is the ultimate fail-safe in a layered defense strategy. It takes snapshots of the data and systems and stores them in a secure location. If you fall victim to ransomware, you can simply “turn back the clock” to a snapshot before the infection occurred.
Depending on the size and skills of the IT team, outsourcing business continuity to ensure “turning back the clock” is effective can free up employees to focus on business activities. Healthcare organizations can empower managed service providers (MSPs) to oversee an organization’s cyber protection and backup operations, helping to minimize cyber threats.
Regardless of the pre-attack solutions implemented, it is imperative that healthcare organizations implement a data backup and recovery plan in the event that their data is compromised. A data backup and recovery plan ensures patient-critical data is always backed up seamlessly, restored quickly and protected securely. A proactive data backup and recovery strategy built on the latest cloud technologies will help to ensure that IT systems run continuously even during emergencies.
The Urology Austin Radiation Center treats patients with complex cases, requiring complete access to their medical records, previous treatments, and medications prescribed.
On January 22, 2017, Urology Austin was hit by ransomware, locking providers out of all patient data, which would prevent further treatment of patients. It was crucial that they get their system back up and running as quickly and efficiently as possible.
Fortunately, Urology Austin was prepared for such an event. Through a data backup and recovery strategy implemented by their MSP, GCS Technologies, Urology Austin was able to restore all their patient information and continued providing uninterrupted care to their patients. Ultimately, Urology Austin did not succumb to the attackers’ demands and did not pay the ransom.
Not all organizations are as fortunate. According to a recent survey from Datto, only about half of small and medium-sized businesses (SMBs) have a disaster recovery plan in place like Urology Austin, which would assist them in getting back up and running more quickly following a ransomware attack. As ransomware attacks on the healthcare industry continue to rise, healthcare organizations need to take proactive steps to safeguard their business, and more importantly, save patient lives.
About the author: Ryan Weeks is the chief information security officer for Datto Inc.