How is Ransomware Affecting the Healthcare Industry
In a recent survey of healthcare organizations titled “The State of Ransomware in Healthcare 2022,” researchers found that there was a 94% increase in ransomware attacks on organizations in the health sector. In 2021 alone, 66% of healthcare organizations were hit by ransomware. In comparison, 34% were hit in 2020.

Another survey reveals that 42% of healthcare organizations faced multiple ransomware attacks in the previous year. These surveys clearly depict the scope of the problem for the healthcare sector. It reveals the inherent weaknesses in the systems that attackers use to their advantage. This makes it all the more necessary for the healthcare sector to prepare beforehand and protect sensitive information and systems using automated backup and disaster recovery (DR).
This blog will discuss the impact of ransomware on healthcare institutions and how healthcare organizations can protect themselves against the menace of ransomware.
Why is Healthcare Industry Being Targeted?
To provide effective healthcare services, hospitals, clinics, and healthcare service providers need to store and retain patient information, and medical records. Since this confidential data is highly sought after in the black market, it makes healthcare service providers the prime targets of hackers. The medical data sells for a large sum on the dark web.
Moreover, cybercriminals are keenly aware of the fact that the healthcare service industry spends the majority of their budget on services leaving very little for data protection. The lack of budget makes it challenging for IT administrators to set up effective data security and ransomware protection; making the healthcare sector a relatively easier target.
Furthermore, the majority of healthcare sector staff need access to critical systems and information to provide healthcare services. This increases the number of endpoints that hackers can exploit to gain access to primary networks.
Additionally, due to the nature of services, healthcare staff are often rushed for time. This makes them more susceptible to socially-engineered threats such as phishing which contributes to a majority of successful ransomware attacks.
Briefly, here’s why cybercriminals target the healthcare sector:
Healthcare service providers store protected health information (PHI), and financial information.
PHI, PII, and payment information is “easy money” on the dark web.
Healthcare service providers have limited budget, most of which is focused on healthcare. As a result, data protection is inadequate which makes the medical record storage and archiving infrastructure an easier target.
Since resources are limited, healthcare staff are susceptible to human error and prone to socially engineered attacks which takes advantage of the fast-paced nature of their operations.
Recent Ransomware Attacks on the Healthcare Sector
A few major ransomware incidents stand out in their severity, scope and complexity. These episodes can provide valuable insights into how ransomware is evolving and how the modern cybercrime landscape is changing.
Conti Ransomware Attack on Ireland’s HSE via Phishing Email
In 2021, HSE was targeted by hackers who accessed high-level accounts and used them to exfiltrate vast amounts of sensitive data. 80% of the HSE IT environment was encrypted, private information of thousands of individuals was exposed, and diagnostics and medical records remained inaccessible. The staff reverted to pen and paper, and all the Irish government could do was monitor the dark web for published data. HSE had to bear high financial costs and lawsuits from patients for interrupted services.
Ransomware Attack on Yuma Regional Medical Center
YRMC was attacked in April 2022 and resulted in data exposure of thousands of individuals. After the ransomware deployment, the hospital was forced to initiate downtime procedures. On investigation, it was revealed that the attacker had access to the network for four days before ransomware deployment without being detected. The attacker maintained network access from 21 to 25 April and removed files that contained SSN, patient names, medical information and information on health insurance.
Quantum Ransomware Affects 657 Healthcare Orgs
PFC (Professional Finance Company) was attacked in Feb 2022, leading to a data breach of over 657 healthcare organizations. The Conti group used Cobalt Strike to move laterally inside their network via CLI tools and exfiltrated data that included first and last names, addresses, accounts receivable balance and information regarding payments made to accounts. According to Advanced Intel, Conti seemed to have joined the Quantum ransomware group. This is now becoming a common modus operandi of many high-profile cybercrime syndicates.
Other notable ransomware attacks on healthcare:
Highmark Health, WellDyneRx, Others Report Healthcare Data Breaches
Missouri Hospital System Data Breach
Data of 198K Patients of Florida Provider Accessed in an Email Hack
Kaiser Foundation Health Plan Email Hack Impacts 70K
McCoy Vision Center Added to Eye Care Leaders Breach Tally
MCG Health Reports Theft of Patient, and Member Data
What is the Impact of Ransomware on Healthcare Organizations?
According to research by Ponemon Institute that focused on the effects of ransomware on healthcare organizations, 70% of the affected were infected by long-term infection that resulted in prolonged periods without service delivery, thus effectively crippling their health delivery systems.
Around 65% of healthcare organizations had to transfer their patients to other facilities at exorbitant costs to keep providing healthcare. Around 71% of the affected experienced medical procedures and test delays, while 36% experienced complications.
According to a study by Sophos:
Healthcare organizations had the second-highest average ransomware recovery costs with $185 million, taking one week on average to recover from an attack.
67% of healthcare organizations are of the view that cyberattacks are getting more complex and more organized.
Among those organizations that were affected and paid the ransom, only 2% got all their data back.
61% of attacks were successful in encrypting their victim’s data.
However, 99% of healthcare institutions affected got at least some of their data back after encryption.
But that is not to say that organizations expect that they will be immune from ransomware in the future since nearly 41% of those who didn’t experience a ransomware infection fully expect that they are likely to have a ransomware attack in the future.
What are Some of the Key Challenges Confronting the Healthcare Industry?
Healthcare organizations are now facing highly sophisticated RansomOps. These are highly targeted and complex ransomware operations in which attackers attempt to gain access to the network, infiltrate devices, breach data by gaining access to high-level accounts, exfiltrate highly sensitive data, and encrypt maximum data. The operations are controlled by command and control centers of malicious actors and are highly persistent. These operations allow threat actors to have maximum effect and incentivize them to make multi-million dollar demands.
The second biggest issue is that the health sector is a highly targeted industry for ransomware deployment since attackers are fully aware of the healthcare sector’s intricacies and use it to gain maximum leverage.
Finally, healthcare organizations struggle with data security since they don’t have the resources to keep themselves up to date with the latest security measures.
How can Healthcare Organizations Prepare Against Ransomware?
Ransomware remains prevalent, and there isn’t any sector that is immune from ransomware. However, healthcare organizations, in particular, need to digest the fact that they belong to an industry which is the most lucrative for cybercriminals and assume they, at one point or the other, will be hit by ransomware.
The next step is to always be prepared and adopt a proactive approach for defenses against ransomware rather than looking for a way out after a successful infiltration. This can only be done effectively by setting up automated backup and disaster recovery. It also needs to be understood that the whole RansomOp needs to be neutralized. Blocking further access to ransomware is one thing, but it does not isolate your networks and does not prevent threat actors from continuing to maintain network access.
In other words, a backup and DR solution that doesn’t include isolation (air-gap), and immutability isn’t an effective measure against ransomware. In fact, it may as well be as vulnerable as a production infrastructure without backup and DR.
RansomOps can go undetected for weeks and even months from initial ingress, moving laterally and establishing control. Organizations need to deploy solutions that include prevention, protection and remediation.
Preventive measures include multi-factor authentication (MFA), firewall, air-gapping, 3-2-1 backup strategy, among others.
Protection and remediation measures include backup and disaster recovery, granular file-level recovery, direct VM spin up, 1-click restore to cloud, and more.
StoneFly remains undefeated in deploying solutions that neutralize the ransomware and minimize the chances of infection in the first place.
How Should Healthcare Organizations Choose an Appropriate Data Protection Solution?
Modern data protection solutions come in various options, including on-premise systems, private cloud solutions and fully or partially hosted solutions. The most appropriate solution is often a blend of all the approaches based on what applications and data need to be secured.
Regardless of what option you go with; the service provider must have:
Automated air gapped backups isolated from production
Immutable policy-based storage for backups medical records, patient information, and financial details
AES 256-bit encrypted storage for data stored on-premises and in the cloud
Ability to quickly scale compute, storage, and archiving resources when necessary
Guarantee RTPOs that meet the organization’s guidelines
How are StoneFly Solutions Aiding the Healthcare Sector?
From turnkey backup and disaster recovery solutions, to storage appliances and cloud archiving, StoneFly offers an array of purpose-built solutions for the healthcare sector. These include:
StoneFly DR365V: Turnkey Veeam-ready backup and DR appliance with automated air-gapping using built-in network and power management controller and policy-based immutability, file lockdown, and S3 object lockdown for advanced ransomware protection.
Available in 4, 8, 12, 16, 24, and 36-bay appliances, DR365V offers terabytes to petabytes of storage capacity per chassis. This storage capacity can further be increased in three ways: scaling up by adding storage expansion units, scaling out by adding more DR365V nodes, or leveraging built-in cloud connect for cloud storage, and archiving.
Moreover, DR365V is also a secondary DR site which IT admins can use to replicate critical VMs, databases, and spin up applications and workloads in the event the primary production isn’t available.
StoneFly DR365VIVA: Automated air-gapped nodes with built-in network and power management controller, and policy-based immutability that can be added to existing production, and backup and DR systems for effective ransomware protection.
Veeam Cloud Connect: Complete backup, replication, & restore package with Veeam Cloud Connect, built-in management server, & Azure cloud storage with integrated air-gap, immutability, encryption, and more.
Backup and Disaster Recovery as a Service (BDRaaS): Fully managed and hosted backup and DR solution with full/partial offsite recovery, and optional management services.
With StoneFly BDRaaS, healthcare service providers can get experts to manage their ransomware protection for them, with minimum time and resource investments.
In the event of a ransomware attack, StoneFly customers can easily restore functions by leveraging instant recovery through quick failover to offsite cloud repositories and failback in case of a ransomware attack and decrease your RTPOs.
Conclusion
To provide healthcare services, service providers store and archive protected health information, patient data, and medical records. This sensitive data puts them on the radar of cybercriminals.
Since healthcare sector focuses budget and resources on their services rather than IT systems, it makes them an easier target and more vulnerable to sophisticated ransomware attacks. A compromise of production leads to disruption which in turn puts lives in danger. As a result, effective ransomware protection is necessary. And ransomware protection, due to the complex nature of malware and cyberattacks, is incomplete and inadequate without automated air-gapping, and immutability.
Need help protecting your patient data and medical record storage and archives? Contact StoneFly experts to discuss your IT systems and projects today.