Healthcare and Ransomware: How to Protect Your Patients' Data from Cyberattacks

JANUARY 27TH, 2022

In its list of the most significant healthcare breaches of 2021, HIPAA Journal says that there were 686 healthcare data breaches of 500 or more records last year. Six of the top 10 breaches were ransomware attacks, affecting more than 11 million patient records. IBM’s Cost of a Data Breach Report 2021 notes that healthcare data breaches are the costliest of any industry at an average of $9.23 million—increasing by nearly 30 percent over 2020—while healthcare ransomware attacks cost $4.62 million per incident.

Beyond those financial impacts, Arcserve’s research found that nearly 90 percent of consumers consider the trustworthiness of a business—including healthcare providers—before they choose a product or provider. Headlines about a data breach surely factor into those considerations. That’s why, if you’re a healthcare provider, you need to be sure you are doing everything you can to protect patient data from being exposed. Just as important, if a breach is successful and ransomware locks down your data, you need to be confident you can recover. Here are some tips to help you get there.

Access Free Cybersecurity and Ransomware Prevention Resources

The Center for Internet Security (CIS) offers an excellent security primer on ransomware. In partnership with Akamai, CIS also offers its Malicious Domain Blocking and Reporting (MDBR) service at no cost to all public and private hospitals and related healthcare organizations in the United States.

This fully managed domain security service gives you an added layer of cybersecurity protection. Your organization points DNS requests to Akamai’s DNS server IP addresses. Every DNS lookup is compared against a list of known and suspected malicious domains. CIS says the four primary benefits of MDBR are:

  • Proactive blocking: Attempts to access known malicious domains associated with ransomware, malware, phishing, and other cyber threats are blocked and logged.
  • Proven effective and easy to implement: Used by more than 1,000 organizations since launching in 2020, MDBR blocked more than 1.5 billion requests for known and suspected malicious web domains on member sites by the end of May 2021. The service can be implemented in less than 15 minutes and requires virtually no maintenance on your part.
  • Won’t interfere with business operations or patient care: In the first six months of the MDBR pilot, more than 99 percent of requests were identified as legitimate, and business continued without interruption.
  • Cyber threat protection at no cost: A wide range of healthcare organizations can take advantage of this no-cost solution, including:
    • Independent hospitals
    • Multi-system hospitals
    • Hospital-based integrated health systems, meaning an organization consisting of one or more hospitals plus one or more groups of physicians that provide a continuum of care and are connected through joint ownership or joint management
    • Post-acute patient care facilities
    • Psychiatric, rehabilitation, or other specialty hospitals

You can read the MDBR FAQ here.
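To make the blocking step concrete, here is a small added example (not code from CIS, Akamai, or Arcserve) that models what the description above says a protective resolver does: compare each DNS query name against a list of known malicious domains, block matches, and log the decision. The blocklist entries and query names are constructed placeholders, and the assumption that a subdomain of a listed domain is also blocked is ours, not something the page states.

```python
"""Toy model of a DNS blocklist policy as described for MDBR.

Assumption (not from the page): a query is blocked when its name equals,
or is a subdomain of, any listed domain. Blocklist and queries below are
constructed samples, not real indicators.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set

# Constructed sample blocklist in a simple text format (comments allowed).
SAMPLE_BLOCKLIST_TEXT = """
# constructed placeholders, not real malicious domains
Malicious.example.
phish.example.net
"""


def normalize(name: str) -> str:
    """Canonical DNS name: trimmed, lowercase, no trailing root dot."""
    return name.strip().rstrip(".").lower()


def load_blocklist(text: str) -> Set[str]:
    """Parse one domain per line; ignore blanks and '#' comments."""
    entries = (line.split("#", 1)[0] for line in text.splitlines())
    return {normalize(e) for e in entries if normalize(e)}


BLOCKLIST: Set[str] = load_blocklist(SAMPLE_BLOCKLIST_TEXT)


def is_blocked(qname: str, blocklist: Set[str]) -> bool:
    """True if qname or any parent domain is listed (a.b.c -> b.c -> c)."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


@dataclass
class Decision:
    qname: str
    action: str  # "BLOCK" or "ALLOW"


def resolve_policy(queries: Iterable[str], blocklist: Set[str]) -> List[Decision]:
    """Apply the blocklist to a stream of query names; return the decision log."""
    log: List[Decision] = []
    for q in queries:
        action = "BLOCK" if is_blocked(q, blocklist) else "ALLOW"
        log.append(Decision(normalize(q), action))
    return log


if __name__ == "__main__":
    for d in resolve_policy(["www.MALICIOUS.example.", "ehr.hospital.example"], BLOCKLIST):
        print(f"{d.action:5} {d.qname}")
```

Note that the parent-domain rule blocks every name beneath a listed domain, so a listed entry as broad as a public suffix would block far more than intended; real services curate their lists to avoid that.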

The Cybersecurity & Infrastructure Security Agency (CISA), part of the Department of Homeland Security (DHS), offers a wide variety of valuable resources for healthcare and the public health sector on its Stop Ransomware website, too.

Preparation Is Your Best Defense

CISA says these are the key questions you need to consider for preserving patient care if you do fall victim to a ransomware attack:

  • Do you have a checklist of items to prepare before visiting the ransomware site (which starts the timer for triggers for subsequent stages of the attack)?
  • When were your last ransomware downtime drills performed, and did you address potential impacts?
  • Was the last data backup restoration of critical systems confirmed?
  • Do any of your insurance policies specifically cover or exclude ransomware-related events?
  • Do you have decision trees that establish the decision-makers at specific conditions and thresholds, including disconnecting clinical and other systems to prevent the ransomware from spreading?

The best way to avoid having to answer these questions is through preparation. While much of the information you need to be prepared can be found in the resources above, here is a high-level set of the steps you should take to prevent becoming a victim of a ransomware attack:

Train Your People About Cybersecurity

Your employees are your first line of defense against cyberattacks. Teach them how to spot potentially malicious emails and attachments. Help them understand how social engineering schemes work so they can avoid being duped—and compromising patient data. The Department of Health and Human Services offers excellent cybersecurity awareness and role-based training courses for IT administrators, executives, and managers.

Close Your Cybersecurity Gaps

Given the high cost of an attack, investing in security technology just makes sense. That starts with a risk assessment to identify any security gaps, including ensuring your firewalls, systems, anti-malware, and other software are up to date and effective. Keeping hardware and software upgraded and patched is critical to preventing your organization from falling victim to an attack.

Back Up Your Data to Ensure Recovery

Once your data is compromised, or even worse, locked up by ransomware, there isn’t a minute to lose. Regular backups following the new 3-2-1-1 backup rule are your best bet for ensuring you can get your data back.

And when it comes to choosing the right data protection and ransomware recovery solution, Arcserve offers the broadest portfolio of data protection and management solutions available under one roof. Contact us today and talk to one of our data protection experts about your options for ensuring recovery.