COVID-19 has evidently magnified the ransomware threat in the healthcare sector to manifolds. In fact, the Google threat analytics group has also recently reported that healthcare organizations, public healthcare agencies, and the individuals who work there are becoming new targets for cybercriminals as a result of the pandemic.
Cyber attackers are becoming more notorious and are unabashedly targeting governments, healthcare bodies, and healthcare professionals alike. World Health Organization (WHO) has recently revealed a fivefold increase in the number of cyberattacks directed at its staff, since the start of the pandemic. In India, the Kerala government’s e-health portal faced a similar data theft attempt in the month of April.
This article originates in India, and. probably reflects a global impact as well. With patient data being so plentiful and abound across the globe, the threat of malicious activity has never been greater in the healthcare domain. As data volumes continue to grow tremendously, keeping everything under control has become almost impossible for many healthcare institutions, leaving them ill-equipped to recover critical information in a timely manner.
The Healthcare industry has always been a favorite among cybercriminals. Who doesn’t remember the infamous WannaCry ransomware and how it cost UK’s National Health Service (NHS) a massive £92million monetary losses due to downtime? With the global healthcare market standing at a whopping $11.9 Trillion, it is a very lucrative choice for cybercriminals to ignore.
Though it’s only been just a few months since the devastating COVID19 pandemic swept the globe, the virus has inadvertently fuelled the ever-present danger posed by cybercriminals and the increasingly sophisticated tools and methods they employ.
The healthcare sector has been hit particularly hard, where stories are emerging from actual patients and caregivers who had been directly impacted by the attack: fake contact tracing apps, postponed COVID-19 treatments, delayed medication administration, hindered medicine research and so much more.
Ransomware (Wannacry) presents an acute crisis that interrupts healthcare and endangers lives in the immediate present.
Wannacry is an old malicious worm from 2017 which attacks variants of Windows. If you have regularly updated your Windows software and/or have a current antiviral program running, then you are most likely safe.
The Ransomware generously tells the victim it has encrypted your computer, but you can pay the ransom using bitcoin to unlock your system. And they even offer you a guarantee.
Here is a video example:
What to do if you have been attacked with Wannacry?
Building on our experience of working with some of the biggest healthcare entities around the world, such as John Hopkins Medicine, Centre for Sight, and Prime Healthcare to name a few, we’ve developed a list of best practices that organizations should follow to protect and recover from ransomware attacks:
Develop a program that covers all of your data needs: You must identify where your critical data is stored, determine your workflows and systems used to handle data, assess data risks, apply security controls, and plan for evolving threats. If it is not protected, it cannot be recovered.
Use proven data protection technologies: You need solutions that detect and notify of potential attacks, leverage external CERT groups, identify and prevent infection, maintain a ‘GOLD’ image of systems and configurations, maintain a comprehensive backup strategy and provide a means to monitor effectiveness.
Employ Backup and Data Recovery (DR) processes: Don’t rely solely on snapshots or replica backup. Your backup process data could just as easily be encrypted and corrupted if it is not stored in a secure way where a ransomware attack cannot get to it. If your processor vendors don’t offer ransomware protection that addresses the proper way to store your data, then your backup plan is a major risk!
Adhere to a unified clinical data archiving: The majority of hospital data comprises of medical imaging that is spread across disparate, legacy PACS applications. By having a unified archiving platform, such as Commvault Clinical Archive in place, healthcare systems can easily search and restore medical imaging data directly from medical imaging software. In fact, Commvault is one of the only few players which ensures that even if the primary system data is infected with ransomware, the archives remain completely secure and readily accessible.
Educate employees on the dangers of ransomware and how to secure endpoints: Train your staff on all DR and data security best practices to get endpoint data protected within your Information Security Program. Most breaches are from good people making simple mistakes.
Have a business continuity plan: One of the reasons healthcare systems pay a ransom is the urgent need to get up and running to care for patients. By having a detailed plan for exactly how to handle an attack, as well as how to restore data from a backup, healthcare systems can feel confident in their ability to quickly recover from an attack.
Regardless of whether the ransom is paid or not, ransomware attacks are costly to healthcare systems in terms of data loss, system downtime, and time spent in recovering data. In addition, there is the potential cost of losing the patient’s trust after the news of an attack becomes public.
Evaluating the current ransomware threat readiness and applying these key steps will ensure that healthcare institutions are in the best position possible– not having to pay the ransom in the first place.
How to Prevent Being Attacked and Recover After an Attack
Key steps to protect healthcare data - Express Healthcare
No comments:
Post a Comment