By Ahsan Siddiqui, Director of Product Management, Arcserve
X: @Arcserve
Healthcare organizations are increasingly under threat from ransomware attacks. Around the world, cybercriminals are locking up critical patient data and demanding large payments to unlock the information. The bad guys are going after healthcare because these organizations handle vast amounts of sensitive patient data—including personal information, medical records, and financial details—and the ransoms they demand can be huge.
That’s why the number of ransomware attacks on U.S. healthcare organizations almost doubled from 2021 to 2022, with more than two-thirds of healthcare organizations now saying they have experienced a ransomware attack, according to a recent report from cybersecurity firm Sophos.
These attacks can rapidly bring essential healthcare services to a halt. If patient data and medical records are inaccessible due to compromised systems, healthcare professionals struggle to deliver timely and accurate care. Treatment delays, misdiagnoses, and medication errors will severely impact patient safety.
Usually, the fastest way out of a ransomware attack is to pay the attackers, so that’s what a lot of healthcare providers do. A new study by Arcserve shows that 67% of healthcare organizations have resorted to paying ransoms when faced with a ransomware attack—more than any other industry.
Understandably, many providers pay the ransom rather than risk the lives of their patients. It’s the quick way to restore access to patient records and operational systems and get care back online. When a hospital is attacked, the debate is not about the ethics of paying hostage-takers; it’s about life and death.
Healthcare’s many ransomware risk factors
Another reason healthcare organizations pay the ransom, according to the Arcserve report, is that only 17% of healthcare executives have high confidence in their IT team’s ability to fully recover lost data in the wake of an attack.
Several vulnerabilities common to healthcare organizations hamper their capacity to quickly recover data in these situations. For starters, many organizations don’t have robust backup systems in place. If they do, they don’t regularly test and update those systems, making it difficult to recover data if it gets compromised or encrypted by ransomware.
Another problem is a lack of offline backups: many healthcare organizations rely solely on online or network-connected backups, which leaves them vulnerable.
And then there’s the human factor. Human error—employees clicking on malicious links or opening infected email attachments—is an all-too-common cause of ransomware spread. Many healthcare organizations still lack employee training and awareness programs regarding cybersecurity best practices.
Budgetary constraints also hamper healthcare organizations. They don’t have much money, so they can’t allocate adequate resources to cybersecurity measures. They’re often running outdated security infrastructure and providing inadequate staff training, which makes it easier for attackers to exploit weaknesses.
A 3-step course of ransomware prevention
It’s important to note that paying ransom does not guarantee complete data recovery or protection against future attacks. It may do more harm than good by encouraging future ransomware attacks and contributing to the profitability and persistence of cybercrime overall.
So what can healthcare organizations do? Here are three ways they can mitigate the ransomware threat and protect their patients—and their business.
1: Develop a comprehensive data resilience plan
Healthcare organizations should create a well-defined and documented data resilience plan that outlines strategies, policies, and procedures to protect against ransomware attacks. The plan should encompass preventive measures, incident response protocols, data backup and recovery processes, and continuous monitoring and improvement strategies.
Healthcare organizations should also conduct regular tabletop exercises and simulated cyberattack scenarios to test the effectiveness of their data resilience plans. These exercises can identify gaps and weaknesses in the plans and indicate adjustments that organizations must make.
In addition, the organization should conduct post-incident reviews after any actual cyber incidents to assess the effectiveness of the response and identify areas for improvement. This feedback loop is critical for continuously improving an organization’s response capability and ensuring its plans’ ongoing relevance.
2. Bolster data security with a 3-2-1-1 strategy and immutable storage
Another crucial measure healthcare organizations should consider is the 3-2-1-1 approach to data security. This strategy stipulates that you maintain three backup copies of your data stored on two distinct media types: disk and tape. Additionally, organizations should store one of these copies offsite to facilitate disaster recovery.
The last 1 in the strategy is immutable object storage. Immutable object storage is an advanced tool for data security. It provides continuous protection by capturing snapshots of information every 90 seconds. It makes data retrieval effortless, even in the event of a catastrophe. Immutable snapshots are impervious to alteration, overwrite, or deletion, which protects data against potential loss. The snapshots enable data recovery from many specific points, allowing organizations to revert to previous file states during downtime, natural disaster, or ransomware attack.
3: Educate and train employees
The weakest link in security is often the user. That’s why healthcare organizations should conduct regular cybersecurity awareness training programs for all staff members. These programs should emphasize the risks associated with ransomware attacks and provide guidelines on best practices. The organization should train employees to identify phishing emails, suspicious links, and other potential sources of malware to prevent possible infections and attacks.
Cybersecurity-awareness programs equip staff members with the knowledge and tools to actively contribute to their organization’s security posture. When they familiarize themselves with best practices, employees become a vital line of defense against cyber threats. Through ongoing training and reinforcement, healthcare organizations can foster a culture of vigilance and ensure that all staff members understand their role in maintaining robust cybersecurity protocols.
Final takeaway
By aligning their data resilience strategies with specific goals, healthcare organizations can minimize their exposure to ransomware attacks and, ideally, prevent ransom payments ever again. Better still, organizations can safeguard their critical data, maintain continuity of care and uphold the highest patient safety standards.