October 8, 2020
When the global pandemic began to impact the U.S. with shut downs and concerns about the ability for medical facilities to keep up with demand in mid-March, hackers made a surprising promise: they would hold back on attacks against the healthcare industry. This was a huge concession because hospitals are a prime target for ransomware attacks.
The promise didn’t last long. By April, hackers specifically targeted healthcare facilities and labs working on Covid-19 cures. And in September, a ransomware attack hit one of the largest healthcare systems in the country, Universal Health Services.
Ransomware attacks on the healthcare industry are a matter of life and death, literally. In what is believed to be the first death attributed to ransomware, a woman was denied admission to Duesseldorf University Hospital’s emergency room because the cyberattack. Cybercriminals know that healthcare data is critical – and not just patient data and basic hospital administrative functions, like admissions, but also the transmission of data needed for medical equipment and testing capabilities. Failure to access essential networks and files is not an option.
Data backup and recovery
Too often, hospitals and other critical facilities end up paying the ransom to recover their data and get their systems up and running again quickly (although that’s not a sure-fire course of action, as more cybercriminals are refusing to release the data even after the ransom is paid). Security professionals have repeatedly advised against paying the ransom and taking proactive steps, such as regular data backup and instituting a recovery plan that makes an outage as minimal as possible.
However, backup options fail. Organizations rely on a third-party company to handle their data backups, but as Michael Thompson, CEO of Enact Security, told Spirion, sometimes those backups are not valid, with no checking the integrity of the stored data. Even worse, these organizations don’t have a business continuity plan for disaster recovery, meaning that when a company is hit by ransomware, there are no backups to turn to and that downtime halts all operations.
Reducing data sprawl
Healthcare is the most vivid example of how ransomware can negatively impact an organization (or entire industry), highlighting the risks such an attack can cause. But all organizations could become the victim of an attack, and while the lost production may not kill anyone, it will result in financial loss for the business.
Therefore, it is necessary for all organizations to have a viable backup and disaster recovery plan. At the same time, you don’t want – or need – to backup everything, which would make recovery that much more difficult. You will want to focus on backing up the most sensitive and the most important data, i.e., patient records, intellectual property, financials, human resources, administrative resources. You also want to reduce data sprawl, or having sensitive data in areas where it doesn’t need to be. Solutions like Spirion reduce the footprint of sensitive data, thereby not leaving it easily available for ransomware to take over.
Quick remediation and recovery after a ransomware attack should be the goal of every IT department. To achieve this, organizations need to take a proactive approach with their backup and recovery plans. That means identifying the data that would is of the highest value target of ransomware and make sure it makes it into a backup system where the integrity of the data is regularly monitored. No one wants to be a victim of a ransomware attack, but if it happens, your recovery will be quicker if you have confidence in your backup system.