Ransomware Defense: Creating a Resilient Healthcare IT Environment

MAY 21ST, 2024
Vitali Edrenkine
EVP, Worldwide Sales & Marketing

Healthcare made headlines again this year, but not in a good way. UnitedHealth subsidiary Change Healthcare topped the list of recent ransomware attacks on the industry. The company announced that the cost of the attack exceeded $872 million. That doesn’t include the reported $22 million ransom payment.

The audacity of the cybercriminals from RansomHub, a notorious gang, is alarming. They are purportedly selling highly sensitive patient information, which they stole from Change Healthcare, on the dark web. What's more, these criminals infiltrated the company’s systems nine days before launching the cyberattack, allowing them ample time to exploit further vulnerabilities.

In this case, a simple but crucial oversight opened the door for this attack: UnitedHealth’s CEO told a U.S. Senate committee that the company didn’t have multi-factor authentication on the attacked server. 

Technological Advances Increase Vulnerabilities

That vulnerability is just the tip of the iceberg regarding data and IT resilience for the healthcare industry. Digital transformation—from electronic health records (EHRs) to telemedicine to wearable devices—has helped healthcare become more efficient, accurate, and accessible. However, this transformation has also increased cybersecurity risks by exposing a much larger attack surface. 

With ransomware and other cyberattacks on the rise, protecting patient privacy, data integrity, and the ability of healthcare systems to remain operational is a fundamental requirement. Understanding and mitigating these threats demands a robust IT and data resilience strategy that protects your organization’s data and ensures compliance with regulatory frameworks like HIPAA. 

How to Ensure IT Resilience In Healthcare

The National Institute of Standards and Technology (NIST) defines information system (i.e., IT) resilience as “the ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.”

For healthcare organizations, this means ensuring that your IT systems can anticipate, prepare for, respond to, and recover from cyberattacks while maintaining service continuity and safeguarding protected health information (PHI). Compliance with regulations like HIPAA adds another layer of complexity, requiring proactive measures that ensure patient data confidentiality, integrity, and availability.

6 Steps to Ensuring IT and Data Resilience In Healthcare

Ensuring you meet these requirements demands a focused approach that includes everyone in your organization, from the frontlines to the executive suite. Here are the steps you should take to get there.

1. Risk Assessment and Management
Conduct thorough risk assessments to identify vulnerabilities within healthcare IT systems. The assessment must consider all potential entry points for ransomware, including employee devices, patient monitoring devices, remote access systems, and any third-party services. NIST offers a “Guide for Conducting Risk Assessments” to help you ensure your assessment is comprehensive.

2. Employee Training and Awareness Programs
The Verizon Data Breach Investigations Report (DBIR) found that the human element was involved in 68% of breaches. That includes social engineering, which the American Hospital Association (AHA) recently warned about in an article that describes how threat actors have been using the stolen identities of revenue cycle employees to launch attacks against hospital IT desks. The NIST’s Computer Security Resource Center offers several valuable “Awareness, Training, and Education” publications to help you implement effective programs. 

3. Comprehensive Data Backup and Disaster Recovery Plans
Planning and preparing for disaster is essential to ransomware or cyberattack recovery. To help you implement an effective plan, check out our post, “Step-by-Step Guide to Creating a Disaster Recovery Plan” (https://www.arcserve.com/blog/step-step-guide-creating-disaster-recovery-plan).

4. Invest in Network Security Enhancements (including IoT Cybersecurity)
Deploy advanced network protections to prevent attacks. The NIST Cybersecurity Framework offers quick-start guides, resources, and templates to help you implement effective solutions. These should include intrusion detection systems (IDS) and endpoint protection platforms that can detect and respond to threats in real time.

Statista predicts that the healthcare IoT markets will reach $108 billion in revenues this year at a CAGR of 11.47 percent. Your organization may be among those realizing how IoT devices can improve patient care and productivity. However, these devices are also at risk, with a post from the IoT Security Foundation noting that the “IoT ransomware threat is more serious than you think.” So, include securing these devices in your investments.

5. Plan and Execute Incident Response Exercises
Develop and maintain an incident response plan specifically for your healthcare environment. Your plan must outline clear roles, responsibilities, response procedures, and communication strategies. This post, “How to Respond to a Disaster,” can help guide your plan.

6. Deploy a Unified Data Protection Platform
Given that your organization may have data across facilities, storage mediums, and applications, a unified data protection solution is your best bet. Arcserve Unified Data Protection (UDP) protects your organization’s systems and data from attacks and loss. It also increases IT resilience by simplifying processes across all storage platforms, whether local, virtual, or cloud.

Arcserve UDP also delivers advanced cybersecurity because it is safeguarded by Sophos Intercept X Advanced for Server. This next-generation anti-exploit, anti-ransomware, and root-cause analysis solution uses deep learning, an advanced form of machine learning, to detect both known and unknown malware without relying on signatures.

Deep learning makes Intercept X smarter, more scalable, and more effective against never-before-seen threats. It leverages deep learning to outperform endpoint security solutions that use traditional machine learning or signature-based detection alone.

The solution also blocks ransomware attacks before they wreak havoc on your organization. It also includes ransomware prevention and protection technology that detects malicious encryption processes and shuts them down before they spread across your network. It prevents both file-based and master boot record ransomware.

Any encrypted files are rolled back to a safe state, meaning your employees can continue working uninterrupted with minimal impact on business continuity. You get detailed post-cleanup information so you can see where the threat got in, what it touched, and when it was blocked.

Give Your Ransomware Defenses a Booster Shot

By working with an Arcserve Technology Partner, you gain access to IT experts who focus on delivering the best defense against ransomware with data protection and resilience solutions that meet your specific requirements.

Find an Arcserve Technology Partner here.

To learn more about Arcserve UDP, request a demo.