WhyisHealthcareIndustryBeing Targeted?
Toprovideeffectivehealthcareservices,hospitals,clinics,andhealthcareserviceprovidersneed tostoreandretainpatientinformation,andmedicalrecordsSincethisconfidentialdataishighly soughtafterintheblackmarket,itmakeshealthcareserviceproviderstheprimetargetsof hackers.Themedicaldatasellsforalargesumonthedarkweb.
Moreover,cybercriminalsarekeenlyawareofthefactthatthehealthcareserviceindustry spendsthemajorityoftheirbudgetonservicesleavingverylittlefordataprotectionThelackof budgetmakesitchallengingforITadministratorstosetupeffectivedatasecurityand ransomwareprotection;makingthehealthcaresectorarelativelyeasiertarget.
Furthermore,themajorityofhealthcaresectorstaffneedaccesstocriticalsystemsand informationtoprovidehealthcareservicesThisincreasesthenumberofendpointsthathackers canexploittogainaccesstoprimarynetworks.
Additionally,duetothenatureofservices,healthcarestaffareoftenrushedfortimeThismakes themmoresusceptibletosocially-engineeredthreatssuchasphishingwhichcontributestoa majorityofsuccessfulransomwareattacks
Briefly,here’swhycybercriminalstargetthehealthcaresector:
Healthcareserviceprovidersstoreprotectedhealthinformation(PHI),andfinancial information
PHI,PII,andpaymentinformationis“easymoney”onthedarkweb.
Healthcareserviceprovidershavelimitedbudget,mostofwhichisfocusedonhealthcareAsa result,dataprotectionisinadequatewhichmakesthemedicalrecordstorageandarchiving infrastructureaneasiertarget.
Sinceresourcesarelimited,healthcarestaffaresusceptibletohumanerrorandproneto socially-engineeredattackswhichtakesadvantageofthefast-pacednatureoftheir operations.
RecentRansomwareAttacksonthe Healthcaresector
Afewmajorransomwareincidentsstandoutintheirseverity,scopeandcomplexity These episodescanprovidevaluableinsightsintohowransomwareisevolvingandhowthemodern cybercrimelandscapeischanging
ContiRansomwareAttackonIreland’sHSEviaPhishingEmail
In2021,HSEwastargetedbyhackerswhoaccessedhigh-levelaccountsandusedthemto exfiltratevastamountsofsensitivedata.80%oftheHSEITenvironmentwasencrypted,private informationofthousandsofindividualswasexposed,anddiagnosticsandmedicalrecords remainedinaccessibleThestaffrevertedtopenandpaper,andalltheIrishgovernmentcould dowasmonitorthedarkwebforpublisheddata HSEhadtobearhighfinancialcostsand lawsuitsfrompatientsforinterruptedservices
RansomwareAttackonYumaRegionalMedicalCenter
YRMCwasattackedinApril2022andresultedindataexposureofthousandsofindividualsAfter theransomwaredeployment,thehospitalwasforcedtoinitiatedowntimeproceduresOn investigation,itwasrevealedthattheattackerhadaccesstothenetworkforfourdaysbefore ransomwaredeploymentwithoutbeingdetected Theattackermaintainednetworkaccessfrom 21 to25 AprilandremovedfilesthatcontainedSSN,patientnames,medicalinformationand informationonhealthinsurance.
QuantumRansomwareAffects657HealthcareOrgs
PFC(ProfessionalFinanceCompany)wasattackedinFeb2022,leadingtoadatabreachofover 657healthcareorganizationsTheContigroupusedcobaltstriketomovelaterallyinsidetheir networkviaCLItoolsandexfiltrateddatathatincludedfirstandlastnames,addresses,accounts receivablebalanceandinformationregardingpaymentsmadetoaccountsAccordingto AdvancedIntel,ContiseemedtohavejoinedtheQuantumransomwaregroup.Thisisnow becomingacommonmodusoperandiofmanyhigh-profilecybercrimesyndicates.
Othernotableransomwareattacksonhealthcare:
HighmarkHealth,WellDyneRx,OthersReportHealthcareDataBreaches
MissouriHospitalSystemDataBreach
Dataof198KPatientsofFloridaProviderAccessedinanEmailHack
KaiserFoundationHealthPlanEmailHackImpacts70K
McCoyVisionCenterAddedtoEyeCareLeadersBreachtally
MCGHealthReportsTheftofPatient,andMemberData
WhatistheImpactofRansomwareon HealthcareOrganizations?
AccordingtoresearchbyPonemoninstitutethatfocusedontheeffectsofransomwareon healthcareorganizations,70%oftheaffectedwereinfectedbylong-terminfectionthatresulted inprolongedperiodswithoutservicedelivery,thuseffectivelycripplingtheirhealthdelivery systems.
Around65%ofhealthcareorganizationshadtotransfertheirpatientstootherfacilitiesat exorbitantcoststokeepprovidinghealthcareAround71%oftheaffectedexperiencedmedical proceduresandtestdelays,while36%experiencedcomplications
AccordingtoastudybySophos:
Healthcareorganizationshadthesecond-highestaverageransomwarerecoverycostswith $185million,takingoneweekonaveragetorecoverfromanattack
67%ofhealthcareorganizationsareoftheviewthatcyberattacksaregettingmorecomplex andmoreorganized
Amongthoseorganizationsthatwereaffectedandpaidtheransom,only2%gotalltheirdata back.
61%ofattacksweresuccessfulinencryptingtheirvictim’sdata
However,99%ofhealthcareinstitutionsaffectedgotatleastsomeoftheirdatabackafter encryption.Butthatisnottosaythatorganizationsexpectthattheywillbeimmunefrom ransomwareinthefuturesincenearly41%ofthosewhodidn’texperiencearansomware infectionfullyexpectthattheyarelikelytohavearansomwareattackinthefuture
st th
WhatareSomeoftheKeyChallenges
ConfrontingtheHealthcareIndustry?
HealthcareorganizationsarenowfacinghighlysophisticatedRansomOpsThesearehighly targetedandcomplexransomwareoperationsinwhichattackersattempttogainaccesstothe network,infiltratedevices,breachdatabygainingaccesstohigh-levelaccounts,exfiltratehighly sensitivedata,andencryptmaximumdata.Theoperationsarecontrolledbycommandand controlcentersofmaliciousactorsandarehighlypersistent.Theseoperationsallowthreat actorstohavemaximumeffectandincentivizethemtomakemulti-milliondollardemands.
Thesecondbiggestissueisthatthehealthsectorisahighlytargetedindustryforransomware deploymentsinceattackersarefullyawareofthehealthcaresector’sintricaciesanduseitto gainmaximumleverage.
Finally,healthcareorganizationsstrugglewithdatasecuritysincetheydon’thavetheresources tokeepthemselvesuptodatewiththelatestsecuritymeasures.
HowcanHealthcareOrganizationsPrepare AgainstRansomware?
Ransomwareremainsprevalent,andthereisn’tanysectorthatisimmunefromransomware. However,healthcareorganizations,inparticular,needtodigestthefactthattheybelongtoan industrywhichisthemostlucrativeforcybercriminalsandassumethey,atonepointortheother, willbehitbyransomware.
Thenextstepistoalwaysbepreparedandadoptaproactiveapproachfordefensesagainst ransomwareratherthanlookingforawayoutafterasuccessfulinfiltration.Thiscanonlybe doneeffectivelybysettingupautomatedbackupanddisasterrecovery.Italsoneedstobe understoodthatthewholeRansomOpneedstobeneutralized.Blockingfurtheraccessto ransomwareisonething,butitdoesnotisolateyournetworksanddoesnotpreventthreat actorsfromcontinuingtomaintainnetworkaccess
Inotherwords,abackupandDRsolutionthatdoesn’tincludeisolation(air-gap),and immutabilityisn’taneffectivemeasureagainstransomwareInfact,itmayaswellbeas vulnerableasaproductioninfrastructurewithoutbackupandDR
RansomOpscangoundetectedforweeksandevenmonthsfrominitialingress,movinglaterally andestablishingcontrol.Organizationsneedtodeploysolutionsthatincludeprevention, protectionandremediation
Preventivemeasuresincludemulti-factorauthentication(MFA),firewall,air-gapping,3-2-1 backupstrategy,amongothers.
Protectionandremediationmeasuresincludebackupanddisasterrecovery,granularfile-level recovery,directVMspinup,1-clickrestoretocloud,andmore.
StoneFlyremainsundefeatedindeployingsolutionsthatneutralizetheransomwareandminimize thechancesofinfectioninthefirstplace.
HowShouldHealthcareOrganizations
ChooseanAppropriateDataProtection Solution?
Moderndataprotectionsolutionscomeinvariousoptions,includingon-premisesystems,private cloudsolutionsandfullyorpartiallyhostedsolutions.Themostappropriatesolutionisoftena blendofalltheapproachesbasedonwhatapplicationsanddataneedtobesecured
Regardlessofwhatoptionyougowith;theserviceprovidermusthave:
Automatedairgappedbackupsisolatedfromproduction Immutablepolicy-basedstorageforbackups,medicalrecords,patientinformation,and financialdetails.
AES256-bitencryptedstoragefordatastoredon-premisesandinthecloud Abilitytoquicklyscalecompute,storage,andarchivingresourceswhennecessary GuaranteeRTPOsthatmeettheorganization’sguidelines.
HowareStoneFlySolutionsAidingthe HealthcareSector?
Fromturnkeybackupanddisasterrecoverysolutions,tostorageappliancesandcloudarchiving, StoneFlyoffersanarrayofpurpose-builtsolutionsforthehealthcaresector Theseinclude:
StoneFlyDR365V:TurnkeyVeeam-readybackupandDRappliancewithautomatedairgappingusingbuilt-innetworkandpowermanagementcontroller,andpolicy-based immutability,filelockdown,andS3objectlockdownforadvancedransomwareprotection
Availablein4,8,12,16,24,and36-bayappliances,DR365Voffersterabytestopetabytesof storagecapacityperchassisThisstoragecapacitycanfurtherbeincreasedinthreeways: scalingupbyaddingstorageexpansionunits,scalingoutbyaddingmoreDR365Vnodes,or leveragingbuilt-incloudconnectforcloudstorage,andarchiving.
Moreover,DR365VisalsoasecondaryDRsitewhichITadminscanusetoreplicatecriticalVMs, databases,andspinupapplicationsandworkloadsintheeventtheprimaryproductionisn’t available
StoneFlyDR365VIVA:Automatedair-gappednodeswithbuilt-innetworkandpower managementcontroller,andpolicy-basedimmutabilitythatcanbeaddedtoexisting production,andbackupandDRsystemsforeffectiveransomwareprotection
VeeamCloudConnect:Completebackup,replication,&restorepackagewithVeeamCloud Connect,built-inmanagementserver,&Azurecloudstoragewithintegratedair-gap, immutability,encryption,andmore
BackupandDisasterRecoveryasaService(BDRaaS):Fullymanagedandhostedbackupand DRsolutionwithfull/partialoffsiterecovery,andoptionalmanagementservices
WithStoneFlyBDRaaS,healthcareserviceproviderscangetexpertstomanagetheirransomware protectionforthem,withminimumtimeandresourceinvestments
Intheeventofaransomwareattack,StoneFlycustomerscaneasilyrestorefunctionsby leveraginginstantrecoverythroughquickfailovertooffsitecloudrepositoriesandfailbackin caseofaransomwareattackanddecreaseyourRTPOs
Conclusion
Toprovidehealthcareservices,serviceprovidersstoreandarchiveprotectionhealthinformation, patientdata,andmedicalrecords.Thissensitivedataputsthemontheradarofcybercriminals.
SincehealthcaresectorfocusesbudgetandresourcesontheirservicesratherthanITsystems,it makesthemaneasiertargetandmorevulnerabletosophisticatedransomwareattacks.A compromiseofproductionleadstodisruptionwhichinturnputslivesindanger.Asaresult, effectiveransomwareprotectionisnecessary.Andransomwareprotection,duetothecomplex natureofmalwareandcyberattacks,isincompleteandinadequatewithoutautomatedairgapping,andimmutability
Needhelpprotectingyourpatientdataandmedicalrecordstorageandarchives?Contact StoneFlyexpertstodiscussyourITsystemsandprojectstoday.
Search Search
RecentPosts Recent Popular
CompareArrayvsHostvsHypervisorvsNetwork-BasedReplication
MirroringvsReplicationvsClustering:ADataProtectionComparison
ComparingHighAvailabilityvsFaultTolerancevsDisasterRecovery
BaaSvsRaaSvsDRaaSComparison–WhichisBest
FromProductiontoProtection:SecuringManufacturingAgainstRansomware
YouMayAlsoLike
GETINTOUCHWITHUS
ContactName*
Company*
Phone*(extensionscanbeenteredinthe"Message"field)
EmailAddress*
Message
*Allfieldswithanasteriskarerequired
Send
Bysubmittingthisrequestyouagreetobecontactedandreceiveproductinformationviaemail orcall.Youmayunsubscribeatanypoint.
ABOUTSTONEFLY
Foundedin1996andheadquarteredinCastroValley–StoneFly,Inc wasestablishedwiththevisiontosimplify, optimizeanddeliverhighperformancebudget-friendlydatacentersolutionsforSMBs,SMEs,andlarge enterprises BeginningwithitsregistrationoftheiSCSIcomInternetdomainnameinMarch1996,StoneFlyhas madeiSCSIintoastandardwhichisnowusedbyITprofessionalsaroundtheworld
Withover24yearsofinnovationindatastorage,hyperconvergedinfrastructure(HCI),andbackupanddisaster recovery(DR)industriesandtechnologypartnershipswithmarketleaderslikeVMware,Veeam,MicrosoftAzure, andAWScloud,StoneFly’srangeofever-growingdatamanagementproductscontinuetogrowandinclude physical,virtual,andcloudsolutionssuchasNAS,SAN,S3,unifiedNAS+SAN+S3appliances,storagegateways, backupgateways,completebackupandDRsystems,RAIDsystems,IPvideosurveillancestoragesystems,data migrationsoftwareandmore–poweredbyStoneFly’spatented8thgenerationstoragevirtualizationsoftware StoneFusion™andintegratedwithenterprisefeaturesanddataservices
LearnMore
©2023StoneFly|AllRightsReserved
