The rising global threat of ransomware has become a grim reality. “WannaCry” virus, over a year ago, unleashed one of the worst and most widespread cybersecurity attacks ever seen that crippled business operations across the world including hospitals, government offices, telecommunications, banks and other industries critical to national infrastructure. One of the most seriously impacted victims of the WannaCry ransomware attack was the National Health Service (NHS) in the UK where some hospitals were forced to cancel outpatient appointments.
If any positives can be said to have come out of the situation, it is that WannaCry has served as a wake-up call for IT departments supporting the healthcare sector globally, as the devastating impact of an advanced and sustained cyber security attack has been made crystal clear to all concerned. It cannot be allowed to be repeated.
Cyber security and healthcare
At a time when other industries have become more sophisticated in detecting and blocking cyberattacks, criminals have begun actively hunting for new sources of valuable data and have realised there are potentially rich pickings to be found in the healthcare sector. Healthcare institutions collectively hold huge amounts of highly sensitive information on the vast majority of the population and, in some cases, their IT systems will also have links to financial services data.
When it comes to IT security, healthcare organisations have been slow to adopt the kind of preventative practices that have worked for other industries. Many medical personnel are unaware of the risks to data security (notwithstanding the traditionally strong emphasis on patient privacy in the sector). Healthcare organisations also tend to have smaller security budgets and teams than organisations operating in other sectors which brings obvious additional challenges.
As organisations in the Middle East embrace new technology to drive flexibility, cost-efficiencies and growth, it is important for Chief Information Officers (CIOs) to build secure IT infrastructures that not only withhold attack, but have backup processes in place to ensure data remains available for all who need it.
The need for prevention
The axiom “prevention is better than cure” is as true for the field of IT security as it is for healthcare and the effectiveness that preventive action has against cyber security threats cannot be overstated. Offsite and offline backups not only mitigate the effects of ransomware, but when combined with the right security suite and employee awareness training, can help prevent the problem altogether. When it comes to security and data backups, however, the reality between what should be done, and what is happening is startling.
Veeam research suggests that only just under half of IT decision-makers test their backups on a monthly basis. Long gaps between testing can increase the chances of issues being found when data needs to be recovered. For those that do test their backups, a mere 26% test more than 5% of their backups.
There are a number of ways to externally backup data, from system disks and removable hard drives, to offline tape devices and cloud backups. Whichever option an organisation chooses, the backup repository itself must be protected against attack.
Mitigating the impact of ransomware
There are some obvious steps that all organisations need to take to avoid ransomware attacks. Keeping all software up to date and performing a threat analysis with the security team (including penetrating testing to find any vulnerabilities) is vital.
With ransomware threats becoming more frequent and complex, organisations also need to ensure that they mitigate the impact of ransomware by adopting common best practices for intelligent data management. Once attacked, there are two courses of action; pay the ransom (with no guarantee of the recovery of the encrypted files or that a reinfection won’t occur) or restore data as quickly and reliably as possible.
One of the best tried-and-trusted data protection rules that can effectively mitigate a ransomware attack is called the 3-2-1 rule which prescribes organisations should:
Have at least three copies of their data-the primary data and two copies-to avoid losing data to a faulty backup.
Store the copies on two different types of media-such as tape, disk, secondary storage, or cloud.
Keep one backup copy offsite-either on tape or in the cloud-in the event of local hazards or ransomware infections within the network.
Following the 3-2-1 rule will mean organisations always have an available and useable backup of your data and systems, and in a world where ransomware can instantly take you offline, that is a vital precaution.
Raising awareness
Human error is the leading cause of major security breaches today. All organisations must prioritise compulsory training for all their staff and this is particularly true of the healthcare sector, where staff sometimes faced with life or death decisions may, understandably, not focus on cyber security best practices.
With the impact of high profile cyber security breaches and attacks still being keenly felt, now is the time to seize the opportunity and ensure staff are equipped with the best levels of knowledge of the most effective preventative processes and practices.
A holistic approach
Protecting patients’ health information in the wake of attacks like WannaCry will take a highly coordinated effort among global healthcare organisations, as well as significant investments in new tools and process implementation. But the basics I have outlined above can help make a big difference in a short space of time.
Furthermore, for intelligent data management to be realised in the healthcare sector, CIOs within it will need to address the cyber risks across their organisation, not simply in one niche area (e.g., access to patient records), and be prepared to share these learnings with peers.
Today, hospitals must approach the risk of IT infections with the same level of seriousness as medical ones. Through intelligent data management, healthcare organisations can ensure the necessary processes are in place to ensure malware-based IT data infections can be surgically removed, before ever affecting a patient’s life.