In its list of the most significant healthcare breaches of 2021, HIPAA Journal says that there were 686 healthcare data breaches of 500 or more records last year. Six of the top 10 breaches were ransomware attacks, affecting more than 11 million patient records. IBM’s Cost of a Data Breach Report 2021 notes that healthcare data breaches are the costliest of any industry at an average of $9.23 million—increasing by nearly 30 percent over 2020—while healthcare ransomware attacks cost $4.62 million per incident.
Beyond those financial impacts, Arcserve’s research found that nearly 90 percent of consumers consider the trustworthiness of a business—including healthcare providers—before they choose a product or provider. Headlines about a data breach surely factor into those considerations. That’s why, if you’re a healthcare provider, you need to be sure you are doing everything you can to protect patient data from being exposed. Just as important, if a breach is successful and ransomware locks down your data, you need to be confident you can recover. Here are some tips to help you get there.
The Center for Internet Security (CIS) offers an excellent security primer on ransomware. In partnership with Akamai, CIS also offers its Malicious Domain Blocking and Reporting (MDBR) service at no cost to all public and private hospitals and related healthcare organizations in the United States.
This fully managed domain security service gives you an added layer of cybersecurity protection. Your organization points DNS requests to Akamai’s DNS server IP addresses. Every DNS lookup is compared against a list of known and suspected malicious domains. CIS says the four primary benefits of MDBR are:
You can read the MDBR FAQ here.
The Cybersecurity & Infrastructure Security Agency (CISA), part of the Department of Homeland Security (DHS), offers a wide variety of valuable resources for healthcare and the public health sector on its Stop Ransomware website, too.
CISA says these are the key questions you need to consider for preserving patient care if you do fall victim to a ransomware attack:
The best way to avoid having to answer these questions is through preparation. While much of the information you need to be prepared can be found in the resources above, here is a high-level set of steps you should take to avoid becoming a victim of a ransomware attack:
Your employees are your first line of defense against cyberattacks. Teach them how to spot potentially malicious emails and attachments. Help them understand how social engineering schemes work so they can avoid being duped—and compromising patient data. The Department of Health and Human Services offers excellent cybersecurity awareness and role-based training courses for IT administrators, executives, and managers.
Given the high cost of an attack, investing in security technology just makes sense. That starts with a risk assessment to identify any security gaps, including ensuring your firewalls, systems, anti-malware, and other software are up to date and effective. Hardware and software upgrades and updates are critical to avoid falling victim to an attack.
Once your data is compromised, or even worse, locked up by ransomware, there isn’t a minute to lose. Regular backups following the new 3-2-1-1 backup rule are your best bet for ensuring you can get your data back.
And when it comes to choosing the right data protection and ransomware recovery solution, Arcserve offers the broadest portfolio of data protection and management solutions available under one roof. Contact us today and talk to one of our data protection experts about your options for ensuring recovery.