In a recent survey of healthcare organizations titled “The State of Ransomware in Healthcare 2022,” researchers found that there was a 94% increase in ransomware attacks on organizations in the health sector. In 2021 alone, 66% of healthcare organizations were hit by ransomware. In comparison, 34% were hit in 2020.
Another survey reveals that 42% of healthcare organizations faced multiple ransomware attacks in the previous year. These surveys clearly depict the scope of the problem for the healthcare sector. They reveal the inherent weaknesses in the systems that attackers use to their advantage. This makes it all the more necessary for the healthcare sector to prepare beforehand and protect sensitive information and systems using automated backup and disaster recovery (DR).
This blog will discuss the impact of ransomware on healthcare institutions and how healthcare organizations can protect themselves against the menace of ransomware.
Why is the Healthcare Industry Being Targeted?
To provide effective healthcare services, hospitals, clinics, and healthcare service providers need to store and retain patient information and medical records. Since this confidential data is highly sought after on the black market, healthcare service providers are prime targets for hackers. Medical data sells for a large sum on the dark web.
Moreover, cybercriminals are keenly aware that the healthcare service industry spends the majority of its budget on services, leaving very little for data protection. The lack of budget makes it challenging for IT administrators to set up effective data security and ransomware protection, making the healthcare sector a relatively easier target.
Furthermore, the majority of healthcare sector staff need access to critical systems and information to provide healthcare services. This increases the number of endpoints that hackers can exploit to gain access to primary networks.
Additionally, due to the nature of their services, healthcare staff are often pressed for time. This makes them more susceptible to socially-engineered threats such as phishing, which contributes to a majority of successful ransomware attacks.
Briefly, here’s why cybercriminals target the healthcare sector:
- Healthcare service providers store protected health information (PHI) and financial information.
- PHI, PII, and payment information are “easy money” on the dark web.
- Healthcare service providers have limited budgets, most of which are focused on healthcare. As a result, data protection is inadequate, which makes the medical record storage and archiving infrastructure an easier target.
- Since resources are limited, healthcare staff are susceptible to human error and prone to socially-engineered attacks that take advantage of the fast-paced nature of their operations.
Recent Ransomware Attacks on the Healthcare Sector
A few major ransomware incidents stand out in their severity, scope and complexity. These episodes can provide valuable insights into how ransomware is evolving and how the modern cybercrime landscape is changing.
In 2021, HSE was targeted by hackers who accessed high-level accounts and used them to exfiltrate vast amounts of sensitive data. 80% of the HSE IT environment was encrypted, private information of thousands of individuals was exposed, and diagnostics and medical records remained inaccessible. The staff reverted to pen and paper, and all the Irish government could do was monitor the dark web for published data. HSE had to bear high financial costs and lawsuits from patients for interrupted services.
YRMC was attacked in April 2022, resulting in the exposure of data belonging to thousands of individuals. After the ransomware deployment, the hospital was forced to initiate downtime procedures. An investigation revealed that the attacker had access to the network for four days before ransomware deployment without being detected. The attacker maintained network access from 21st to 25th April and removed files that contained SSNs, patient names, medical information and information on health insurance.
PFC (Professional Finance Company) was attacked in Feb 2022, leading to a data breach affecting over 657 healthcare organizations. The Conti group used Cobalt Strike to move laterally inside their network via CLI tools and exfiltrated data that included first and last names, addresses, accounts receivable balances and information regarding payments made to accounts. According to Advanced Intel, Conti seemed to have joined the Quantum ransomware group. This is now becoming a common modus operandi of many high-profile cybercrime syndicates.
Other notable ransomware attacks on healthcare:
- Highmark Health, WellDyneRx, Others Report Healthcare Data Breaches
- Missouri Hospital System Data Breach
- Data of 198K Patients of Florida Provider Accessed in an Email Hack
- Kaiser Foundation Health Plan Email Hack Impacts 70K
- McCoy Vision Center Added to Eye Care Leaders Breach tally
- MCG Health Reports Theft of Patient, and Member Data
What is the Impact of Ransomware on Healthcare Organizations?
According to research by the Ponemon Institute that focused on the effects of ransomware on healthcare organizations, 70% of those affected suffered a long-term infection that resulted in prolonged periods without service delivery, effectively crippling their health delivery systems.
Around 65% of healthcare organizations had to transfer their patients to other facilities at exorbitant costs to keep providing healthcare. Around 71% of those affected experienced delays in medical procedures and tests, while 36% experienced complications.
According to a study by Sophos:
- Healthcare organizations had the second-highest average ransomware recovery costs with $1.85 million, taking one week on average to recover from an attack.
- 67% of healthcare organizations are of the view that cyberattacks are getting more complex and more organized.
- Among those organizations that were affected and paid the ransom, only 2% got all their data back.
- 61% of attacks were successful in encrypting their victim’s data.
- However, 99% of healthcare institutions affected got at least some of their data back after encryption. That does not mean organizations expect to be immune from ransomware in the future: nearly 41% of those who didn’t experience a ransomware infection fully expect that they are likely to have a ransomware attack in the future.
What are Some of the Key Challenges Confronting the Healthcare Industry?
Healthcare organizations are now facing highly sophisticated RansomOps. These are highly targeted and complex ransomware operations in which attackers attempt to gain access to the network, infiltrate devices, breach data by gaining access to high-level accounts, exfiltrate highly sensitive data, and encrypt as much data as possible. The operations are controlled by command and control centers of malicious actors and are highly persistent. These operations allow threat actors to have maximum effect and incentivize them to make multi-million dollar demands.
The second biggest issue is that the health sector is a highly targeted industry for ransomware deployment since attackers are fully aware of the healthcare sector’s intricacies and use them to gain maximum leverage.
Finally, healthcare organizations struggle with data security since they don’t have the resources to keep themselves up to date with the latest security measures.
How can Healthcare Organizations Prepare Against Ransomware?
Ransomware remains prevalent, and there isn’t any sector that is immune from ransomware. However, healthcare organizations, in particular, need to digest the fact that they belong to an industry which is the most lucrative for cybercriminals and assume that they will, at one point or another, be hit by ransomware.
The next step is to always be prepared and adopt a proactive approach to defenses against ransomware rather than looking for a way out after a successful infiltration. This can only be done effectively by setting up automated backup and disaster recovery. It also needs to be understood that the whole RansomOp needs to be neutralized. Blocking further access to ransomware is one thing, but it does not isolate your networks and does not prevent threat actors from continuing to maintain network access.
In other words, a backup and DR solution that doesn’t include isolation (air-gap) and immutability isn’t an effective measure against ransomware. In fact, it may well be as vulnerable as a production infrastructure without backup and DR.
RansomOps can go undetected for weeks and even months from initial ingress, moving laterally and establishing control. Organizations need to deploy solutions that include prevention, protection and remediation.
Preventive measures include multi-factor authentication (MFA), firewalls, air-gapping, and a 3-2-1 backup strategy, among others.
Protection and remediation measures include backup and disaster recovery, granular file-level recovery, direct VM spin up, 1-click restore to cloud, and more.
StoneFly remains undefeated in deploying solutions that neutralize the ransomware and minimize the chances of infection in the first place.
How Should Healthcare Organizations Choose an Appropriate Data Protection Solution?
Modern data protection solutions come in various options, including on-premise systems, private cloud solutions and fully or partially hosted solutions. The most appropriate solution is often a blend of all the approaches based on what applications and data need to be secured.
Regardless of what option you go with, the service provider must have:
- Automated air-gapped backups isolated from production.
- Immutable policy-based storage for backups, medical records, patient information, and financial details.
- AES 256-bit encrypted storage for data stored on-premises and in the cloud.
- Ability to quickly scale compute, storage, and archiving resources when necessary.
- Guaranteed RTPOs that meet the organization’s guidelines.
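One way to check a backup inventory against the list above and the 3-2-1 rule mentioned earlier, as an added example that is not StoneFly's code. The `Copy` record, the inventory and the 24-hour recovery point target are constructed assumptions; the recovery point is measured only on copies that are both air-gapped and immutable, since those are the ones an intruder with network access cannot alter.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Copy:
    name: str
    media: str                           # "disk", "tape", "object", ...
    offsite: bool
    air_gapped: bool                     # unreachable from the production network
    immutable_until: Optional[datetime]  # retention-lock expiry, None if unlocked
    encryption: str
    last_success: datetime               # newest restore point held by this copy

def audit(copies, now, rpo):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # 3-2-1: three copies (production included), two media types, one offsite.
    if len(copies) < 3:
        findings.append("3-2-1: fewer than three copies")
    if len({c.media for c in copies}) < 2:
        findings.append("3-2-1: fewer than two media types")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no offsite copy")
    # Judge the recovery point on protected copies only, not the newest backup.
    safe = [c for c in copies
            if c.air_gapped and c.immutable_until and c.immutable_until > now]
    newest = max((c.last_success for c in safe), default=None)
    if newest is None:
        findings.append("no copy is both air-gapped and immutable")
    elif now - newest > rpo:
        hours = (now - newest).total_seconds() / 3600
        findings.append(f"newest protected copy is {hours:.0f}h old, over the RPO")
    for c in copies:
        if c.encryption.upper() != "AES-256":
            findings.append(f"{c.name}: encryption is {c.encryption}, expected AES-256")
    return findings

# Constructed inventory: every name and value below is made up for illustration.
NOW = datetime(2022, 9, 1, 12, 0, tzinfo=timezone.utc)
H, D = timedelta(hours=1), timedelta(days=1)
INVENTORY = [
    Copy("production", "disk", False, False, None, "AES-256", NOW),
    Copy("nas-backup", "disk", False, False, None, "AES-256", NOW - 1 * H),
    Copy("airgap-node", "disk", False, True, NOW + 30 * D, "AES-256", NOW - 30 * H),
    Copy("cloud-archive", "object", True, False, NOW + 90 * D, "AES-128", NOW - 26 * H),
]
if __name__ == "__main__":
    print("\n".join(audit(INVENTORY, NOW, rpo=24 * H)))
```

The one-hour-old NAS backup makes the inventory look current, but it is reachable from production, so the audit reports the 30-hour-old air-gapped copy as the real recovery point.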
How are StoneFly Solutions Aiding the Healthcare Sector?
From turnkey backup and disaster recovery solutions, to storage appliances and cloud archiving, StoneFly offers an array of purpose-built solutions for the healthcare sector. These include:
StoneFly DR365V: Turnkey Veeam-ready backup and DR appliance with automated air-gapping using built-in network and power management controller, and policy-based immutability, file lockdown, and S3 object lockdown for advanced ransomware protection.
Available in 4, 8, 12, 16, 24, and 36-bay appliances, DR365V offers terabytes to petabytes of storage capacity per chassis. This storage capacity can further be increased in three ways: scaling up by adding storage expansion units, scaling out by adding more DR365V nodes, or leveraging built-in cloud connect for cloud storage, and archiving.
Moreover, DR365V is also a secondary DR site which IT admins can use to replicate critical VMs, databases, and spin up applications and workloads in the event the primary production isn’t available.
StoneFly DR365VIVA: Automated air-gapped nodes with built-in network and power management controller, and policy-based immutability that can be added to existing production, and backup and DR systems for effective ransomware protection.
Veeam Cloud Connect: Complete backup, replication, & restore package with Veeam Cloud Connect, built-in management server, & Azure cloud storage with integrated air-gap, immutability, encryption, and more.
Backup and Disaster Recovery as a Service (BDRaaS): Fully managed and hosted backup and DR solution with full/partial offsite recovery, and optional management services.
With StoneFly BDRaaS, healthcare service providers can get experts to manage their ransomware protection for them, with minimum time and resource investments.
In the event of a ransomware attack, StoneFly customers can easily restore functions by leveraging instant recovery through quick failover to offsite cloud repositories and failback, decreasing their RTPOs.
To provide healthcare services, service providers store and archive protected health information, patient data, and medical records. This sensitive data puts them on the radar of cybercriminals.
Since the healthcare sector focuses its budget and resources on services rather than IT systems, it is an easier target and more vulnerable to sophisticated ransomware attacks. A compromise of production leads to disruption, which in turn puts lives in danger. As a result, effective ransomware protection is necessary. And ransomware protection, due to the complex nature of malware and cyberattacks, is incomplete and inadequate without automated air-gapping and immutability.
Need help protecting your patient data and medical record storage and archives? Contact StoneFly experts to discuss your IT systems and projects today.