Mar 8, 2023
How To Prepare For Data Disruption In The Healthcare Industry
By Anthony Cusimano, technical director, Object First.
There’s no sugarcoating it: cybercriminals are attacking the US healthcare industry. The FBI announced recently that healthcare suffered more ransomware attacks than any other industry in 2022.
For healthcare professionals, the ultimate goal is to provide safe and efficient patient care. Consistent and accurate access to electronic health records is a massive part of this objective, and any data disruption can harm it. Once a threat actor is inside a system, they can disrupt operations by exfiltrating data, locking or deleting files, and encrypting data until a ransom is paid. Healthcare organizations of every size should be aware of the threat ransomware poses and plan to protect their data.
A rampant threat
The focus on healthcare as a target for ransomware attacks has been building for some time. From 2016 to 2021, ransomware attacks against US healthcare organizations more than doubled. But now, cybercriminal gangs are becoming more innovative, using new techniques to get into networks, evade detection, and encrypt files.
In February, the Health Sector Cybersecurity Coordination Center warned healthcare systems of a new ransomware variant targeting the industry: MedusaLocker. The group took advantage of the COVID-19 pandemic to infiltrate and encrypt healthcare systems. Ransomware variants like MedusaLocker, Royal, and Clop make healthcare their primary target because of the wealth of personal information available in these systems. Additionally, healthcare organizations often have less robust IT/cybersecurity departments than those in other industries, such as the technology or financial sectors, due to staffing shortages, lack of funds, and outdated tech.
But ransomware isn’t the only thing that can take down a healthcare practice. Natural disasters, such as flooding or inclement weather, or human error, such as an employee accidentally deleting an important file, can happen just as unexpectedly. All hospital IT departments and independent practices should have a data backup and recovery plan to protect sensitive electronic medical records and keep patient care running smoothly and safely. However, often these departments only have the resources to implement solutions that run unmonitored in the background. Without a proper plan, this leaves them vulnerable when data disruptions occur.
While all of this may seem disheartening, there are actions within our control. Consider these steps to be prepared for when data disruption strikes.
One step ahead
A solid data protection strategy is as easy as “3-2-1.” This is a simple way to say that organizations should have three copies of their data stored on two different types of storage media, with at least one copy off-site in a completely different geographic location. Making sure your organization meets these requirements is a significant first step.
There are also aspects of the recovery plan that any IT team member or company leader should be aware of. Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are essential details that determine how often a backup is performed (RPO) and how long it takes to get all systems back online from the backup after a restoration process is put in place (RTO). These objectives will differ from business to business depending on the volume of data and the needs and resources of the business. Regardless, it is crucial to be aware of these metrics and find the right fit for your organization so that if a data disruption does occur, you know how long it will take for the data to come back online and how much data will be permanently lost because it had not yet been backed up.
Another way to be prepared is to outline a comprehensive action plan for your organization’s most likely data disruption scenarios, including roles and responsibilities for each key employee. For example, this could include making a list of contact information for the appropriate stakeholders that need to be made aware of a breach or data loss and assigning someone to handle this outreach. It’s worth noting that all company information that may need to be accessed when responding to a data disruption should be kept in a separate system so that it can be accessed during the disruption.
Lastly, make sure you have the correct data backup solution in place. All of the planning in the world can only go so far if the data on the backup device has also been tampered with or otherwise cannot be restored. That’s why investing in immutable data backup storage is essential. True immutable storage solutions ensure files can never be modified or deleted for as long as the immutability flag is set. Once data is made inalterable, it is protected from threat actors, employee mistakes, or any other potential data threat.
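An added example, not from the original article: a short audit of a backup inventory against the 3-2-1 rule, an RPO target, and the immutability requirement described above. The inventory, field names, and the choice to count the production copy as one of the three copies are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed inventory; every name and value here is hypothetical.
NOW = datetime(2023, 3, 8, 12, 0)
COPIES = [
    {"name": "ehr-production", "role": "primary", "media": "san",
     "site": "hospital-dc", "last_ok": NOW, "immutable_until": None},
    {"name": "nightly-nas", "role": "backup", "media": "san",
     "site": "hospital-dc", "last_ok": NOW - timedelta(hours=10),
     "immutable_until": None},
    {"name": "weekly-object", "role": "backup", "media": "object",
     "site": "remote-region", "last_ok": NOW - timedelta(days=3),
     "immutable_until": NOW + timedelta(days=27)},
]

def audit(copies, now, rpo, primary_site):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    backups = [c for c in copies if c["role"] == "backup"]
    if len(copies) < 3:
        findings.append("3-2-1: fewer than three copies")
    if len({c["media"] for c in copies}) < 2:
        findings.append("3-2-1: fewer than two media types")
    if not any(c["site"] != primary_site for c in backups):
        findings.append("3-2-1: no off-site backup")
    # Data lost in an ordinary failure = age of the newest successful backup.
    newest = max((c["last_ok"] for c in backups), default=None)
    if newest is None or now - newest > rpo:
        findings.append("RPO: newest backup is older than the objective")
    # In a ransomware event only copies still under an immutability lock
    # can be trusted, so measure the loss window against those alone.
    locked = [c["last_ok"] for c in backups
              if c["immutable_until"] and c["immutable_until"] > now]
    if not locked:
        findings.append("immutability: no backup is currently locked")
    elif now - max(locked) > rpo:
        findings.append("RPO: newest immutable backup is older than the objective")
    return findings

if __name__ == "__main__":
    for line in audit(COPIES, NOW, timedelta(hours=24), "hospital-dc"):
        print(line)
```

The sample inventory satisfies 3-2-1 and a 24-hour RPO on paper, yet the audit still flags it: the only locked copy is three days old, so that is the real loss window if the unlocked backup is tampered with.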
If healthcare organizations put just a fraction of the care into protecting their data that they put into treating their patients, they could avoid complicated, time-consuming, or expensive data recovery, ultimately improving patient care and maintaining the organization’s reputation while reducing the stress on their IT staff.