[BreachExchange] Why Healthcare Should Redouble Their Data Protection Efforts Now

Destry Winant destry at riskbasedsecurity.com
Thu Jul 16 10:16:47 EDT 2020


https://healthtechmagazine.net/article/2020/07/why-healthcare-should-redouble-their-data-protection-efforts-now

Healthcare and life sciences organizations are facing an increased
risk of cyberattacks amid the coronavirus pandemic.

Microsoft, for one, has warned hospitals to watch out for
sophisticated ransomware attacks that could target them through their
VPNs and other network devices, while the American Medical Association
and American Hospital Association recently issued guidance on how to
protect telehealth and remote work environments.

Experts say the risks of a successful attack are higher than usual
right now, and ransomware attacks can be devastating to the critical
infrastructure within the healthcare sector. This is due in part to
the crippling effect ransomware has: it restricts access to the
clinical and research data that clinicians and researchers need, and
that access can mean the difference between life and death.

Consequences of these attacks can be dire, requiring payment to the
attacker, decryption tools, or the gamble of recovering sensitive data
from infrequently tested backups. Putting an organization’s most
valuable asset in a hostage scenario often results in massive payouts
to cybercriminals, federal penalties and reputational damage.

Despite billions of dollars spent annually to guard entry points to
clinical data, many healthcare providers still underestimate the
strategic value of improving data protection. As this pandemic
continues, it is more important than ever that these essential
services are able to not only use their data but also store it
securely.

New and Evolving Ransomware Risks Challenge Healthcare Leaders

Healthcare and life sciences organizations are particularly attractive
targets for ransomware attacks. Not only do they have large volumes of
critical data and intellectual property, but they also face the
additional challenge of tailoring security strategies to a constantly
evolving set of privacy regulations and standards, which often
complicates the path to achieving their mission.

To ensure compliance with government regulations such as HIPAA and
HITECH (the Health Information Technology for Economic and Clinical
Health Act), providers have become intimately familiar with the
importance of backups for critical data. However, as these providers
face exploding demand and unprecedented volumes of data, the need to
restore data quickly has never been greater. Healthcare providers
simply cannot afford to lose access to critical information as they
await its restoration.

Moreover, the rise of remote work has marked a period of vulnerability
for businesses across the country. An abrupt shift from on-premises
operations to the cloud is a significant challenge for many, requiring
the deployment of reliable, fast and secure virtual desktop
infrastructure.

It is crucial for healthcare organizations and businesses to take a
unified approach to data security and ensure the protection of
valuable information at a time when access is vital. The establishment
of these security measures is a tricky balancing act, especially if
they’re built on outdated infrastructure.

Still, these concerns are not limited to the current pandemic.

Ransomware attacks against healthcare and life sciences organizations
are up 35 percent over the past three years, primarily targeted at
direct patient care facilities, according to RiskIQ. Moreover, the
vast majority of ransomware attacks (70 percent) were aimed at small
hospitals and health centers, likely because they have limited
security resources, and hackers expect they will pay the ransom to
recover their data.

Why Hospitals Need Data Backup and Recovery Tools

Whether on-premises or in the cloud, data backups are essential for
mitigating ransomware attacks. They safeguard critical data against
many common scenarios, from disaster recovery to accidental deletions.

These attacks, after all, can stress existing data protection
infrastructure that may be built on outdated architectures, thus
exacerbating business challenges and creating additional downtime and
confusion.

Two recovery functions that are key for limiting the effects of
ransomware attacks are reliability of backups and rapid restoration of
data. Reliable backup technology that can prevent changes or malicious
deletions is paramount. If backup systems and data are compromised, a
full reinstall and reconfiguration of the system would be required.

The second aspect, the rapid restoration of backups, is also essential
for avoiding downtime and ensuring critical data is accessible when
needed.

It is equally important to assess the storage infrastructure that
underpins these critical systems. Legacy systems that are highly
complex and require daily maintenance carry countless vulnerabilities
that limit both the reliability of backups and the speed of
restoration. Infrastructure that emphasizes simplicity is essential
for fast, reliable backups that can confront the constant threat of
ransomware attacks.

As the strain on U.S. healthcare organizations increases, the need for
fast, flexible and secure infrastructure has never been greater.
Businesses of all sizes need to confront this challenge across all of
their operations. This requires that organizations not only focus on
effective storage and management for data, but truly become stewards
of its protection.

