Why is the healthcare industry so vulnerable to ransomware?

The threat of ransomware has swelled in recent years, with the indiscriminate WannaCry attack five years ago perhaps the first major incident to ring the alarm bells in the eyes of the public after it crippled the NHS. Indeed, while all sectors are vulnerable to ransomware – and can be targeted at any time – the health sector is especially susceptible. Attacks, too, must be headed off with more urgency. This isn’t just because healthcare, like much of the public sector, is lumbered with legacy IT and outdated processes, but the consequences of an attack might be particularly devastating for patients.

Ireland’s Health Service Executive (HSE), for example, was hit by a ransomware attack last May and was still in the process of recovering as late as September. The NHS, meanwhile, suffered losses of £92 million following the WannaCry attack. Healthcare services across the world have, since 2017, sought to rectify the issues that render them so vulnerable, seeking out systems developed by vendors like Wasabi to patch manifold issues including outdated infrastructure and insufficient backup provision. Despite these efforts, the health sector remains very much at risk.

Cause and effect

While it’s valid to question why healthcare is particularly vulnerable, it’s also worth pondering why ransomware gangs so frequently target institutions like hospitals. “Hackers are in the business of extorting as much money as possible by hitting organisations where they can inflict as much pain as possible,” says VP analyst for security and risk management at Gartner, Katell Thielemann. “When it comes to hospitals, particularly in the middle of a pandemic, they cannot take care of patients without technology, and they have been very responsive to ransomware demands, which just incentivises hackers to strike more.”

Beyond a compulsion to pay, in order to restore services and prevent patient harm, the sector also houses a goldmine of data including personal details and financial information. All these factors, combined with the stresses created by COVID-19, has unsurprisingly led to incidents rising in astonishing fashion.

The sector, too, suffers from a number of unique challenges, many of which centre around the growing volume of data held by healthcare services. “Their architecture is typically very complex,” continues Thielemann, adding that “the operational environment is very fluid with crisis after crisis and people coming and going around the clock”.

Beyond personal patient details, organisations host clinical information such as reports, scans, and genomic data. Much of this is also stored in on-premises infrastructure, as opposed to a streamlined, secure and accessible cloud-based platform.

With digital transformation on the agenda for many sectors, including healthcare, the transition of data from local, on-premises storage to the digital sphere over the last few years has also expanded the attack surface. The use of Internet of Things (IoT) devices in medical contexts, moreover, has inevitably opened more gateways into the sector. As Thielemann puts it: “They are full of all kinds of connected medical equipment that create a cyber-physical continuum of threats.”

The lack of modernised and state-of-the-art backup facilities is yet another thorn in the side of healthcare. Deemed the last line of defence against ransomware, backup systems ensure organisations minimise downtime and recover from attacks as quickly as possible. Multiple backups are preferable, as is ensuring geographical separation between backup copies enabled through cloud storage; in keeping with the ‘3-2-1’ rule.

Getting your backup strategy right, however, demands precision, given that opting for a cloud solution doesn’t eliminate risk in and of itself. These systems may still leave organisations vulnerable through misconfigured buckets, exposed remote desktop services and viruses that can slip into a network and inadvertently get uploaded to the cloud as part of a backup process.

The golden copy

For healthcare organisations seeking to raise their resilience against ransomware attacks in 2022 and beyond, cloud solution providers like Wasabi offer a variety of tools that can bolster defences. Dubbed hot cloud storage with immutability for data protection, Wasabi provides a secure, high-performing, air-gapped and immutable data protection system that’s almost impossible to penetrate.

Consistently and securely backing up applications, configurations and data is the cornerstone of ransomware mitigation, and there’s very little the health sector can do but pay the ransom in the event of an attack without a secure, offsite backup. Immutability, which can be achieved through a Wasabi storage bucket, is essential in ensuring any backup created cannot be tampered with. This means that any data written to the bucket can’t be deleted or manipulated through its storage lifetime. Other benefits include preventing encryption by crypto ransomware, while aiding compliance with a swathe of regulations.

It’s also essential that any ransomware-mitigation solution that healthcare IT deploys is cost-effective, given the need to prioritise expenditure on the front line. The cloud, moreover, is the most feasible in terms of storing data in a secure location off-site. The low cost involved in acquiring Wasabi’s hot cloud storage service, for example, offsets the licensing costs of the backup and recovery tools, reducing the overall cost and improving the expected return on investment dramatically.

Fighting ransomware, particularly for a sector as vulnerable as healthcare, requires engaging in a process of improving and enhancing the technology at your disposal on a continuous basis. It’s also a matter of when, and not if, you’ll suffer a cyber attack. In today’s environment, mitigating ransomware means investing in modern infrastructure and cloud-enabled backup systems that can offer secure and immutable storage. This ensures hospitals can always fall back on a golden copy that’s impossible to tamper with, so there’s no payout to cyber gangs, and patients can continue getting the treatment they need.

Learn more about Wasabi’s hot storage and immutable backups services