HHS Issues Ransomware Alert for Healthcare: How Immutable Storage Immunizes Healthcare With Data Resilience

APRIL 11TH, 2023

In the last week of February 2023, the U.S. Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) issued a sector alert that the Russia-linked ransomware group Clop was behind a mass attack on more than 130 organizations, including healthcare institutions, using a zero-day vulnerability in secure file transfer software GoAnywhereMFT.

The Cybersecurity and Infrastructure Security Agency (CISA) added this flaw to its Known Exploited Vulnerabilities public catalog.

The same week saw the American Hospital Association (AHA) tip healthcare security decision-makers and defenders that they should also be concerned about MedusaLocker, another Russia-based ransomware gang.

And an AHA article on the HC3 alert quoted John Riggi, AHA’s national advisor for cybersecurity and risk, saying, “MedusaLocker is another example of a Russia-based ransomware gang targeting U.S. health care and risking patient safety. Although phishing emails play a significant role in delivering the ransomware into the organization, HC3 notes that this group, like other ransomware gangs, is increasingly exploiting remote desktop protocol (RDP) vulnerabilities for initial access. The advisory recommends that organizations not expose RDP to the internet and put in place the recommended mitigations.”

Widespread Attacks and Painful Impacts

Regal Medical Group in California was attacked on December first, 2022, but didn’t discover the breach for a week. On February 1, 2023, Regal informed the HHS that more than 3.3 million individuals might have been impacted.

Regal hasn’t revealed the type of ransomware involved in the cyberattack or if a ransom was paid. Regardless, the attack likely resulted in a lot of pain and suffering—not just for patients whose information may have been compromised but also for those responsible for protecting that data.

A ransomware attack succeeded against CommonSpirit Health in October of 2022, costing the major health system at least $150 million, and Lehigh Valley Health Network was hit by ransomware in February 2023.

You get the point. If you’re responsible for protecting patient data and ensuring your institution is protected from the ravages of ransomware, if you haven’t already done so, you need to take further action today. Here’s how.

Focus on Data Resilience

ISACA, an international professional association focused on IT governance, says data resilience is data risk management. The organization defines a resilient data system as one that “can continue to operate when faced with adversity that could otherwise compromise its availability, capacity, interoperability, performance, reliability, robustness, safety, security, and usability.”

In a global survey of IT decision-makers commissioned by Arcserve last year, 83 percent of respondents said their organizations include data resilience in their strategies. Unfortunately, only 23 percent have a mature approach with associated goals to track progress.

Achieving data resilience requires a multilayered approach that starts with your people and ends with your last line of defense—immutable backups.

Start With Education

The Verizon 2022 Data Breach Investigation Report found that 82 percent of breaches involved the human element, including social engineering—like spear phishing—errors and misuse. So start by training your people about cybersecurity and their role in protecting your institution’s data.

Whether you hire an outside service or look to public resources like CISA’s “Responding to Ransomware: A Guide to Healthcare Organizations,” make sure your people can recognize suspicious emails and websites and know what to do if they encounter one. Then use ongoing, consistent testing to keep awareness high.

Invest in Prevention

From firewalls to email filters, investing in areas that minimize your vulnerabilities is essential. Ensuring your systems are always patched and updated is another crucial part of prevention. Again, given the complexities of cybersecurity today—and associated ever-evolving threats—it’s worth considering using a managed services provider (MSP) or value-added reseller (VAR) to help you navigate your choices and put prevention technologies in place that make sense for your organization.

Prioritize Backup and Disaster Recovery

Unfortunately, no matter the prevention measures you put in place, you are still at risk. All it takes is a single click on a malicious link or downloading an infected document to let the ransomware gangs into your systems. That’s why you must ensure your disaster recovery plan is updated and tested frequently, including verifying that your backups are error-free.

You’ll also want to follow the 3-2-1-1 backup strategy: Keep three copies of your data—one primary and two backups—with two copies stored locally on two formats (network-attached storage, tape, or local drive) and one copy stored offsite in the cloud or secure storage.

Immutability Ensures Data Resilience

 That last “1” in 3-2-1-1 means you should make sure one copy of your backup is in an immutable format. Immutable backups are written in a write-once-read-many-times format that can’t be altered or deleted. Not by an RDP breach, ransomware, or any other attack vector.

Arcserve OneXafe appliances offer scale-out network-attached immutable storage for on-premises and offsite backups, while Arcserve Unified Data Protection (UDP) software delivers comprehensive data protection and cybersecurity for your critical backup infrastructure across cloud, local, virtual, hyperconverged, and SaaS-based workloads. Arcserve UDP also assures you of immutability for your data backups with its support for Amazon AWS S3 Object Lock.

Call in a Specialist

For most IT teams, just keeping operations running smoothly is challenging enough. Add in the complexities and frequency of today’s threats, and the job can be overwhelming. That’s why it’s well worth talking to an Arcserve technology partner about your requirements. They bring industry-specific expertise to help you implement effective ransomware protection and data resilience solutions that won’t break your budget. To learn more about Arcserve products, contact us.