The threat of ransomware has swelled in recent years, with the indiscriminate WannaCry attack five years ago perhaps the first major incident to ring the alarm bells in the eyes of the public after it crippled the NHS. Indeed, while all sectors are vulnerable to ransomware – and can be targeted at any time – the health sector is especially susceptible. Attacks, too, must be headed off with more urgency. This isn’t just because healthcare, like much of the public sector, is lumbered with legacy IT and outdated processes, but the consequences of an attack might be particularly devastating for patients.
Ireland’s Health Service Executive (HSE), for example, was hit by a ransomware attack last May and was still in the process of recovering as late as September. The NHS, meanwhile, suffered losses of £92 million following the WannaCry attack. Healthcare services across the world have, since 2017, sought to rectify the issues that render them so vulnerable, seeking out systems developed by vendors like Wasabi to patch manifold issues including outdated infrastructure and insufficient backup provision. Despite these efforts, the health sector remains very much at risk.
Cause and effect
While it’s valid to question why healthcare is particularly vulnerable, it’s also worth pondering why ransomware gangs so frequently target institutions like hospitals. “Hackers are in the business of extorting as much money as possible by hitting organisations where they can inflict as much pain as possible,” says VP analyst for security and risk management at Gartner, Katell Thielemann. “When it comes to hospitals, particularly in the middle of a pandemic, they cannot take care of patients without technology, and they have been very responsive to ransomware demands, which just incentivises hackers to strike more.”
Beyond a compulsion to pay, in order to restore services and prevent patient harm, the sector also houses a goldmine of data including personal details and financial information. All these factors, combined with the stresses created by COVID-19, has unsurprisingly led to incidents rising in astonishing fashion.
The sector, too, suffers from a number of unique challenges, many of which centre around the growing volume of data held by healthcare services. “Their architecture is typically very complex,” continues Thielemann, adding that “the operational environment is very fluid with crisis after crisis and people coming and going around the clock”.
Beyond personal patient details, organisations host clinical information such as reports, scans, and genomic data. Much of this is also stored in on-premises infrastructure, as opposed to a streamlined, secure and accessible cloud-based platform.
With digital transformation on the agenda for many sectors, including healthcare, the transition of data from local, on-premises storage to the digital sphere over the last few years has also expanded the attack surface. The use of Internet of Things (IoT) devices in medical contexts, moreover, has inevitably opened more gateways into the sector. As Thielemann puts it: “They are full of all kinds of connected medical equipment that create a cyber-physical continuum of threats.”
The lack of modernised and state-of-the-art backup facilities is yet another thorn in the side of healthcare. Deemed the last line of defence against ransomware, backup systems ensure organisations minimise downtime and recover from attacks as quickly as possible. Multiple backups are preferable, as is ensuring geographical separation between backup copies enabled through cloud storage; in keeping with the ‘3-2-1’ rule.
Getting your backup strategy right, however, demands precision, given that opting for a cloud solution doesn’t eliminate risk in and of itself. These systems may still leave organisations vulnerable through misconfigured buckets, exposed remote desktop services and viruses that can slip into a network and inadvertently get uploaded to the cloud as part of a backup process.
The golden copy
For healthcare organisations seeking to raise their resilience against ransomware attacks in 2022 and beyond, cloud solution providers like Wasabi offer a variety of tools that can bolster defences. Dubbed hot cloud storage with immutability for data protection, Wasabi provides a secure, high-performing, air-gapped and immutable data protection system that’s almost impossible to penetrate.
Consistently and securely backing up applications, configurations and data is the cornerstone of ransomware mitigation, and there’s very little the health sector can do but pay the ransom in the event of an attack without a secure, offsite backup. Immutability, which can be achieved through a Wasabi storage bucket, is essential in ensuring any backup created cannot be tampered with. This means that any data written to the bucket can’t be deleted or manipulated through its storage lifetime. Other benefits include preventing encryption by crypto ransomware, while aiding compliance with a swathe of regulations.
It’s also essential that any ransomware-mitigation solution that healthcare IT deploys is cost-effective, given the need to prioritise expenditure on the front line. The cloud, moreover, is the most feasible in terms of storing data in a secure location off-site. The low cost involved in acquiring Wasabi’s hot cloud storage service, for example, offsets the licensing costs of the backup and recovery tools, reducing the overall cost and improving the expected return on investment dramatically.
Fighting ransomware, particularly for a sector as vulnerable as healthcare, requires engaging in a process of improving and enhancing the technology at your disposal on a continuous basis. It’s also a matter of when, and not if, you’ll suffer a cyber attack. In today’s environment, mitigating ransomware means investing in modern infrastructure and cloud-enabled backup systems that can offer secure and immutable storage. This ensures hospitals can always fall back on a golden copy that’s impossible to tamper with, so there’s no payout to cyber gangs, and patients can continue getting the treatment they need.
Learn more about Wasabi’s hot storage and immutable backups services
-
AWS CEO Matt Garman isn’t convinced AI spells the end of the software industryNews Software stocks have taken a beating in recent weeks, but AWS CEO Matt Garman has joined Nvidia's Jensen Huang and Databricks CEO Ali Ghodsi in pouring cold water on the AI-fueled hysteria.
-
Deepfake business risks are growingIn-depth As the risk of being targeted by deepfakes increases, what should businesses be looking out for?
-
Ransomware gangs are sharing virtual machines to wage cyber attacks on the cheap – but it could be their undoingNews Thousands of attacker servers all had the same autogenerated Windows hostnames, according to Sophos
-
Google issues warning over ShinyHunters-branded vishing campaignsNews Related groups are stealing data through voice phishing and fake credential harvesting websites
-
The FBI has seized the RAMP hacking forum, but will the takedown stick? History tells us otherwiseNews Billing itself as the “only place ransomware allowed", RAMP catered mainly for Russian-speaking cyber criminals
-
Everything we know so far about the Nike data breachNews Hackers behind the WorldLeaks ransomware group claim to have accessed sensitive corporate data
-
There’s a dangerous new ransomware variant on the block – and cyber experts warn it’s flying under the radarNews The new DeadLock ransomware family is taking off in the wild, researchers warn
-
Hacker offering US engineering firm data online after alleged breachNews Data relating to Tampa Electric Company, Duke Energy Florida, and American Electric Power was allegedly stolen
-
Cybersecurity experts face 20 years in prison following ransomware campaignTwo men used their tech expertise to carry out ALPHV BlackCat ransomware attacks
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
