The Healthcare Data Resiliency Emergency (and What You Can Do to Prevent It)

By Ahsan Siddiqui, Director of Product Management, Arcserve

More than ever, healthcare organizations are threatened by ransomware. A recent headline in the New York Times emphasizes the point, blaring, “Ransomware Attack Disrupts Healthcare Services in at Least Three States.” 

Cybercriminals are hard at work worldwide, locking up critical patient data and demanding payment. Healthcare is a ripe target because of the vast amounts of sensitive patient data they hold—including personal information, medical records, and financial information—and the ransoms they demand can be massive.

Healthcare Providers Must Implement Ransomware Protection

The numbers show just how urgent putting ransomware protection in place is for healthcare organizations. Sophos’ The State of Ransomware in Healthcare 2023 found that almost two-thirds of healthcare organizations were hit by a ransomware attack the previous year.  

These attacks can quickly bring essential services to a halt. If patient data and medical records become inaccessible due to compromised systems, healthcare professionals can’t provide timely and accurate care. Potential treatment delays, misdiagnoses, and medication errors can severely impact patient safety. 

Unfortunately, paying the ransom is the fastest way back to normal operations for many healthcare organizations. With few choices, a new independent global study by Arcserve shows that 67 percent of healthcare organizations have paid ransoms after an attack. That’s more than any other industry. 

And that’s because the costs of risking patient lives far outweigh the price of a ransom. Interestingly, the same Sophos study found that 100 percent of healthcare organizations that had their data encrypted by ransomware got their data back after paying the ransom. 

Healthcare Ransomware Data Recovery Constraints

Another reason healthcare organizations pay the ransom, according to the Arcserve study, is that only 17 percent of healthcare executives have high confidence in their IT team’s ability to fully recover lost data in the wake of an attack.

Several vulnerabilities common to healthcare organizations can hamper your ability to quickly recover data after an attack. First, many organizations don’t have robust backup systems or data recovery software. Even if they do, many don’t regularly test and update those systems. That makes it difficult to recover your data if it gets compromised or encrypted by ransomware.

Human Factors and Tight Budgets Increase Data Recovery Risks

The human factor comes into play for every organization, not just healthcare. All it takes is an employee clicking on a malicious link or downloading an infected document to let ransomware in. 

Budgetary constraints are another factor, limiting investments in resources, cybersecurity measures, and data recovery software and hardware solutions. Running an outdated security infrastructure and limited in-house cybersecurity expertise only adds to your risks.

A 3-Step Course In Ransomware Protection

It’s important to note that paying the ransom doesn’t guarantee complete data recovery—or protection against future attacks. And paying may, over time, do more harm than good as it encourages future ransomware attacks by making crime highly profitable.

So how do you defend against ransomware and protect your patients’ data—and your organization? Here are three steps you can take. 

1. Develop a Comprehensive Data Resiliency Plan

You must create a well-defined and documented data resiliency plan that outlines strategies, policies, and procedures that help you defend against ransomware and protect your patients’ data. Your plan should encompass preventive measures, incident response protocols, data backup and recovery processes, and continuous monitoring and improvement strategies.

You should also conduct tabletop exercises, as the Cybersecurity and Infrastructure Security Agency (CISA) recommends, along with simulated cyberattack scenarios to test the effectiveness of your data resiliency plans. These exercises can identify gaps and weaknesses in the plans and show you where you need to make adjustments.

You should also conduct post-incident reviews after any actual cyber incidents to assess the effectiveness of your response and where improvements are needed. This feedback loop is crucial for continually improving your response capabilities and your data resilience and disaster recovery plan’s effectiveness.

2. Bolster Data Protection With a 3-2-1-1 Strategy and Immutable Storage

Another step toward data resiliency is implementing the 3-2-1-1 backup strategy. The strategy is simple:

• Keep three backup copies of your data

• Stored on two different media types (disk or tape, for example)

• And store one copy offsite or in the cloud

The last “1” is vital. It stands for immutable object storage. When your backups are stored in an immutable format—using network-attached storage such as Arcserve OneXafe or in the Amazon S3 Cloud using Object Lock—they can’t be altered or deleted.

Arcserve OneXafe provides continuous data protection by capturing immutable snapshots of your data every 90 seconds. That makes data recovery effortless, even in the event of a catastrophe. Immutable snapshots can’t be overwritten either so that you can recover your data from a specific point in time. That means you can revert your systems and data to their state before a ransomware attack or other data disaster.

3. Teach Your Team About Cybersecurity and Data Protection

As noted above, the human element is oversized in the risks you face. That’s why implementing employee cybersecurity training and awareness programs for all staff members is crucial for data resiliency. 

These programs should emphasize the risks associated with ransomware attacks and provide guidelines on best practices. You should train your employees to identify phishing emails, suspicious links, and other potential sources of malware to prevent possible infections and attacks.

Cybersecurity awareness programs equip staff members with the knowledge and tools to actively contribute to your organization’s security posture. Once familiar with best practices, your employees become a vital defense against cyber threats. 

Through ongoing training and reinforcement, you can foster a culture of vigilance and ensure that all staff members understand their role in maintaining robust cybersecurity protocols. Learn more in our post, “8 Ways Employees Can Help Reduce the Risk of Ransomware.”

Get Expert Guidance

By aligning your data resiliency strategies with specific goals, your healthcare organization can minimize its exposure to ransomware attacks and never have to pay a ransom. Better still, you can rest assured your critical data is safeguarded and you can ensure continuity of care with the highest patient safety standards.

Arcserve technology partners can offer expert guidance and support as you focus on implementing data resiliency in your organization. You can find an Arcserve technology partner here.