Ransomware and Healthcare: Time for a Year-End Checkup

Just last month, CommonSpirit Health—the fourth-largest U.S. health system with 140 hospitals from Seattle to Tennessee—was hit by a ransomware attack. The attack delayed some patient care and certainly didn’t enhance patient confidence in the hospital’s ability to protect their private data. Sadly, CommonSpirit is just part of a growing trend. According to Sophos' The State of Ransomware in Healthcare 2022 report, 66 percent of its 5,600 healthcare respondents across 31 countries were hit by ransomware last year.

The same report highlights a 69 percent increase in the volume and a 67 percent increase in the complexity of cyberattacks—the highest across all sectors Sophos tracks. Even worse, while 61 percent of respondents paid the ransom, just 2 percent got all their data back. Add it all up, and the diagnosis is clear: healthcare providers must do more to protect patient data and ensure business continuity.

Think of this as your annual checkup, when your IT team assesses your health in terms of cybersecurity, ransomware defenses, and business continuity and figures out what you’re doing right—and wrong. Here’s a list of data protection best practices to help you get started.

Update Your Disaster Recovery Plan

As with any emergency room, preparation is crucial to delivering the best possible care when someone gets sick or hurt. The same holds true when it comes to cybersecurity and disaster recovery. Now is the time to pull out your disaster recovery plan and scrutinize every detail so you’re confident your data is always protected and can always be recovered.

Check out this blog for a step-by-step guide to creating a disaster recovery plan. It covers everything from building your disaster response team to documentation and testing.

Commit to Ongoing Cybersecurity Training

The Verizon 2022 Data Breach Investigations report found that 82 percent of data breaches involved the human element—social attacks, errors, and misuse. All it takes is a click on a malicious link or downloading an infected document to cause serious injury to your institution. That makes your people your first and most crucial line of defense against data loss and downtime.

Help them fight back by giving them the tools they need to spot a scam and stop an attack. That help should come in the form of ongoing cybersecurity training for every employee that accesses your data. It should also include regular testing to ensure policies are followed and everyone is security conscious at all times.

Bolster Your Cyber Defenses

Your healthcare organization has more exposed vulnerabilities than ever, thanks to medical advances that leverage IoT and other technologies for better patient care. That’s because these devices generate sensitive data that must be protected under HIPAA rules. So, your next line of defense is ensuring you have the latest cybersecurity solutions in place—antivirus software, intrusion detection and prevention, firewalls, and more. You also need to ensure that all of your hardware and software is patched and updated with an ongoing patch management program.

Invest in Data Protection, Backup, and Disaster Recovery

IBM’s Cost of a Data Breach 2022 report notes that the healthcare industry held the dubious honor of having the highest average total cost of a data breach—$10.10 million. So investing in solutions that help you avoid those costs is simply common sense.

Immutable storage for your backups should be first on your list of requirements. When your data is backed up to an immutable object store, it is saved in a write-once-ready-many-times format. That means it can never be altered or deleted—even by an admin. No matter what happens to your primary data and systems, you can count on your immutable backups being there, ready to be restored.

Arcserve OneXafe offers immutable, scale-out network-attached backup appliance that takes low-overhead snapshots of your data every 90 seconds. These snapshots are a view of your file system at the instant the snapshot is taken. If you are hit by ransomware—or any data loss—you can go back to a specific point in time and recover your entire system in minutes.

For all-in-one data and ransomware protection, there’s Arcserve UDP. Safeguarded by Sophos Intercept X Advanced cybersecurity, Arcserve UDP uniquely combines deep-learning server protection, immutable storage, and scalable onsite and offsite business continuity. The result is a multi-layered approach that gives you complete IT resiliency for your virtual, physical, and cloud infrastructure.

The IT Doctor Is In

Data protection, backup, and disaster recovery doesn’t have to be overwhelming and complex. Just call in a specialist by choosing an expert Arcserve technology partner. They’ve got the answers you need to diagnose your problems and put a corrective action plan in place immediately. And be sure to check out our 30-day free trial offers.