The following is a guest article by Scott Ragsdale, Head of U.S. Healthcare Region at Nutanix
Ransomware is a critical threat in today’s business landscape, and the effects of these attacks are especially detrimental for healthcare organizations. Despite advances in security, ransomware attacks have increased by an alarming 95 percent year-over-year. This trend is likely to continue as cybercriminals become more emboldened and sophisticated, in part due to new technologies—like generative AI (genAI)—which help them carry out smarter, more frequent attacks.
Earlier this year, a large healthcare technology company experienced a ransomware attack that, “affected billing and care authorization portals…led to prescription backlogs and missed revenue for providers, posing potential threats to worker paychecks and even patient care.” This incident highlights the fact that healthcare organizations have a lot more to lose than the typical negative outcomes associated with ransomware attacks, such as downtime, financial loss, and reputational damage. A ransomware attack on a healthcare company can have real, human consequences for the people who entrust these organizations with their care—medical procedures and other critical care, like prescriptions, could be delayed.
Unfortunately, many healthcare organizations will find themselves contending with a ransomware attack at some point. And once an attack has taken place, that is just the beginning. Cybercriminals can demand multiple ransoms, steal private patient data, and/or threaten to share sensitive information. Healthcare organizations need to have robust security tools and protocols in place not only to safeguard their data, but to protect the health of the patients they serve.
Identifying and bouncing back from ransomware attacks is a well-documented challenge across industries: One report found that 87 percent of organizations experience difficulties related to ransomware and malware protection with their current IT infrastructure. Although the healthcare industry has been slower to move to the cloud due to the sensitive nature of its data, adoption has been on the rise in recent years (in part spurred by the pandemic), and today 47 percent of health organizations store protected health information (PHI) in the cloud, which increases their level of risk.
Every healthcare organization needs to be focused on cyber resilience so that when ransomware attacks happen they can continue to carry out their critical functions and minimize the impact on patients. Here are a few ways healthcare organizations can practice cyber resilience and reduce the negative outcomes of ransomware in the cloud.
Employ Automated Security Solutions (But Don’t Neglect Human Processes Either)
The uptick in cloud adoption has expanded healthcare organizations’ attack surfaces significantly, and as a result, there is more to secure than ever before. This is a “superhuman” job: Automated solutions are indispensable for protecting against ransomware attacks at scale. Tools that offer automated detection and recovery capabilities are essential for both identifying and remediating ransomware attacks so that healthcare organizations can continue to carry out their vital functions, even in the midst of an active attack.
Automated solutions are a cornerstone of robust security for healthcare organizations, but it’s important not to overlook human processes either. Employees should receive regular cybersecurity awareness training (more on this later) since human error is a major contributor to cybersecurity incidents in healthcare.
Have Security Fundamentals in Place, But Don’t Neglect to Identify the Attack’s Root Cause
A sobering fact about today’s ransomware attacks is that they’re not just about hackers getting their ransom: Cybercriminals want healthcare organizations’ data—including PHI—and the money they get along the way is just an added bonus. Once that data is stolen, there’s no way of ever getting it back, so healthcare organizations need to get security right the first time. This is why cybersecurity fundamentals such as secure backups, data encryption, and security testing protocols are table stakes.
As noted earlier, automated solutions that support fast detection and recovery are also key, but there’s a catch: Healthcare organizations need to be clear on the root cause of a ransomware attack before trying to remediate it. By attempting to recover before determining an attack’s inception point, healthcare organizations risk being reinfected with malware and compromising their backups. Approaching security with a holistic mindset is the best way to prevent this from happening: Healthcare organizations should encourage effective communication between teams and be sure to get the green light before doing damage control.
Foster a Positive and Engaging Security Culture for Healthcare Workers
Many of us are familiar with the trope that security is everyone’s responsibility, and it should be. But in order to make that a reality, healthcare organizations need to go the extra mile to get employees involved and invested in their mission. They can do this by gamifying and incentivizing security trainings and exercises to get employees on board and thinking critically about their impact on the organization from a security standpoint.
It only takes one employee performing a seemingly innocuous action to have serious consequences. An example of this is when a Health Service Executive (HSE) employee opened an Excel attachment that was unknowingly infected with malware, “ultimately enabling Conti ransomware to be deployed throughout 80 percent of HSE’s IT environment two months later.” The resulting headache and $600 million in damages could have potentially been avoided had employees received comprehensive cybersecurity awareness training. Always keep trainings positive and never shame employees who make mistakes during trainings, as it could discourage them from reporting legitimate security threats in the future.
The threat of ransomware is here to stay, and healthcare organizations arguably have more on the line than other industries. Accordingly, they need to prioritize cyber resilience and adopt automated detection and recovery solutions that let them carry on as close to “business as usual” as possible, not if—but when—an attack occurs.
No comments:
Post a Comment