How to Solve the Healthcare Ransomware Epidemic

JANUARY 17TH, 2020

By: Oussama El-Hilali, CTO at Arcserve, and Matt Pascucci, Cyber Security Practice Manager at CCSI

The recent DCH Health System attack in Alabama illustrates the dire consequences that healthcare organizations face if hit with a ransomware attack – three hospitals were forced to close their doors to all but the most critical patients as they struggled to maintain patient care without the use of their computer systems. DCH is not the only organization to fall victim to ransomware this year. Multiple healthcare providers have found themselves in similar situations, with one provider even paying $75,000 to unlock its systems. Without access to systems for even a few minutes – let alone the days or weeks sometimes faced by healthcare providers if they suffer an attack – medical situations can quickly escalate into life-or-death situations.

Despite knowing the risks of IT downtime, the healthcare industry is slow to implement effective cybersecurity measures. Research from Rivera shows that only four to seven percent of healthcare IT budgets go toward cybersecurity, which is a concern given that healthcare data is extremely valuable to hackers. Cybercriminals know that keeping this data accessible is a top priority for healthcare providers, and they hope to extort a large ransom by encrypting it. Without proper cybersecurity, backup and disaster recovery plans, the healthcare industry is completely vulnerable to these attacks.

Taking a two-pronged approach

Healthcare organizations need to operate with the mindset that they will eventually fall victim to an attack, and have a plan in place for what to do when it happens. To neutralize the threat of ransomware, healthcare organizations need to take a two-pronged approach to data protection, implementing both cybersecurity measures and backup and disaster recovery protocols.

Some cybersecurity measures that healthcare organizations can take to improve their data protection strategies are:

  • Investing in cyber education for employees: Teaching cyber hygiene best practices will help avoid common employee-related issues, such as phishing attacks, which often arrive through email.
  • Implementing advanced threat detection: Cybercriminals are becoming more sophisticated, so cyber protection software needs to keep up. Healthcare organizations should invest in endpoint protection and software that can detect both known and unknown malware, leveraging AI to automatically detect and respond to threats.

Backup and disaster recovery can act as an “insurance policy” if a cybercriminal is able to break through an organization’s cybersecurity measures. When employing a BCDR plan, organizations should:

  • Ensure that backups aren’t vulnerable: Backups should be stored on a separate domain offsite, either on an external hard drive or in a secure cloud, and IT teams should architect their environments so that backups can easily be disconnected from the system to prevent the spread of malware.
  • Consider continuously replicating data: Invest in a solution that provides continuous availability and automatic failover. When a network is compromised, IT systems can automatically