Healthcare Ransomware Reality Check banner

Healthcare’s Ransomware Reality Check

By Theresa Miller • May 6, 2020

Ransomware attacks are impacting businesses at a higher rate than ever. According to Cybersecurity Ventures, a new business will fall victim to ransomware every 11 seconds by 2021, and the world cost is anticipated to be $20 billion.  For enterprises, the risk level is no longer if this will happen, but when.

Healthcare organizations are increasingly the targets of ransomware.  The theft of medical records is inherently harder to detect, data is richer, systems are often legacy, and downtime impacts patient safety leading to higher levels of payment to resolve the incident. Today amidst the pandemic, ransomware prevention/detection is critical, and keeping patient data secured is more important than ever.

Ransomware Reality

It used to be that a ransomware attack was one of those security threats that people talked about, but it never really happened or rarely did. When it does happen no matter how large or small, it’s painful and recovery will only go well with the right backup and data protection strategy in place.

As a practitioner in IT Healthcare for over ten years, we would put in huge amounts of energy and effort into keeping systems patched during off-peak business hours which still can be a critical element to keeping ransomware off your systems. Times have changed, and ransomware is no longer that thing you just talk about it might happen. Ransomware finds a way to sneak into the healthcare organization, encrypt the data, and prevent production workflow. All of this is an effort to steal data and look for financial gain. If your enterprise doesn’t have a plan this is your wakeup call.

The Frontlines

One critical perspective to creating a ransomware prevention and/or recovery strategy for healthcare environments is understanding the risk it can pose to the lives of patients.  Imagine the pandemic we are experiencing today and being a physician or nurse working around the clock on the frontlines to save lives. Doctors and nurses do not have time for technology failures, period. If they cannot authenticate to log in to the system or access their patient’s data, mistakes can be made, and the harsh reality is lives can be lost. For patient safety reasons, healthcare providers are more likely to pay a ransom to get systems online. Does it really need to be that way?

How Cohesity Can Help

It comes down to these simple elements: detection, prevention, and recovery, alongside other critical features.

  1. Detection
    • Early detection can help respond quickly to a ransomware attack and reduce downtime. The machine learning-based anomaly detection in Cohesity Helios helps to discover a potential ransomware attack in progress within the production environment. The alerts are based on daily change rate on logical data, daily change rate on stored data, pattern based on historical data ingest, and entropy/randomness of data, and can be pushed via Helios SaaS console, email or mobile app notification.
  2. Prevention
    • Immutable file system – Sophisticated malware can make its way to the backup date. Cohesity’s immutability ensures that no unauthorized user or application can modify the ‘gold’ copy of the backup. Any attempts to modify the ‘gold’ copy will automatically create a zero-cost clone.
    • DataLock – Ransomware has the ability to attach to your backups and encrypt your data. With Cohesity’s DataLock capabilities—providing a WORM-like protection—your backups are immutable and cannot be tampered with by ransomware.
    • Air Gap – Policy-based data isolation helps to ensure that a secondary copy of mission-critical data is kept off-site either in the public cloud, another data center or on tape.
  3. Recovery
    • Instant Mass Restore – Back up your systems on a cadence that would allow you to do an instant mass restore – which will bring you back online quickly.  Our technology will allow you to recover 100s of machines at a time minimizing any potential downtimes as a result of a ransomware attack.
    • Deep visibility – Cohesity CyberScan, powered by scans allows you to scan your backup copy for any cyber exposures and software vulnerabilities before you recover from it, ensuring you accidentally do not reinject a vulnerability while restoring.

Within your healthcare organization, the implementation of these features into your ransomware prevention and recovery strategy is critical to success. Key benefits: eliminating ransomware as a patient safety concern and keeping your dollars in the bank and not in the hands of the attacker.