If you work in a company that is yet to have a sit-down to discuss how to protect itself from ransomware, then maybe it is time that you introduce the idea yourself. This is especially so in the healthcare industry, where hackers have been doing everything they can to gain illegal access and make money by demanding ransom to decrypt files that are critical to the functioning of healthcare facilities.
Increasingly, companies that have lost valuable data are changing how they approach cyber security. Once bitten, twice shy. Reeling from ransomware attacks that may have cost them millions, these companies now see a comprehensive data recovery plan as the most reliable and effective way of staying safe. Additionally, they have increased the frequency of security drills in an attempt to keep their employees alert and on the lookout for a possible attack.
The frequency of ransomware attack reports has made it look like ransomware is a new phenomenon, yet it has been part of cyberspace for decades. However, there has been no other time in its history when attacks were as successful as in the last 5-10 years. The elaboration and sophistication of today’s ransomware attacks have made the space attractive to even novice hackers who see this as their way of making millions if they can perfect the skills behind it.
To give you an idea of just how ubiquitous ransomware attacks have become, available data shows that there were 362,000 crypto-ransomware variants in 2015 alone. You can imagine just how impossible a task it is to try and formulate a security solution for each new variant that cyber criminals release every day. The apparent disproportion between the available solutions and the new ransomware variants being designed is what makes disaster recovery the surest way of mitigating a disaster when the hackers finally find a way into your systems.
The cost of downtime after a ransomware attack in the healthcare sector
Perhaps one of the biggest ransomware attacks in the healthcare industry to date remains the Hollywood Presbyterian Medical Center attack. The attack, which took place in February 2016, devastated the Southern California hospital. At the time, media reports claimed the attackers were demanding $3.6 million in ransom. It was later revealed that the actual ransom demand was $17,000. The hospital paid the ransom. To this day, it is still on the list of the largest ransom payments after a ransomware attack.
For most healthcare providers, the ransom demand is nothing compared to the cost of downtime. In an environment where life and death decisions are the order of the day, the disruptions from a ransomware attack coupled with the inevitable downtime could cause irrevocable damage to the healthcare provider and its patients. Hollywood Presbyterian Medical Center struggled to stay afloat for an entire week as its leadership held endless meetings to figure out a way forward.
How disaster recovery can save the day
Instead of reacting to a ransomware attack, healthcare providers must learn to respond through well-coordinated efforts across all departments in the organization. At present, there is no better way to respond than by creating a disaster recovery plan that acts as a wall so high that even the most intricate and vicious ransomware cannot get over it. These disaster recovery protocols involve remote and off-site backups that would be readily available to switch to once the healthcare provider learns that it is under attack.
Healthcare providers need to look for BaaS (Backup as a Service) and DRaaS (Disaster Recovery as a Service) experts to help them transfer their data and teach their staff the protocols to follow during and after a ransomware attack. Furthermore, the experts will typically teach the employees how to spot phishing attempts. Over time, employees can learn to question the source of an email and to report suspicious emails and email attachments when they come across them in the course of their work.
Regular backups must become the norm. It should, therefore, be the healthcare provider’s policy to create robust backup strategies that are streamlined well enough to reduce downtime after an attack as well as to avoid payouts to cyber criminals. Such robust backup protocols would allow the institution to roll back a number of days before the attack and restore server as well as local data and applications.