Eliminating the Threat of Ransomware Attacks in Healthcare – Interview with Gary Watson, Vice President Technical Engagement for Nexsan
Why are healthcare companies and hospitals especially vulnerable to Ransomware attacks?
GW: Hackers know that targeting large organizations can result in a bigger payoff. This is particularly true for the healthcare industry, where doctors and nurses need instant access to patient records before they can help patients. Ransomware attackers are aware that hospitals might be more likely to pay their ransom fee rather than risk their patients’ welfare—not to mention possible lawsuits.
How many healthcare companies are affected by this type of malware attack?
GW: One thing we know based on brand-new research from Solutionary is that the healthcare industry is the most targeted industry when it comes to Ransomware attacks—88 percent of all such attacks are committed against healthcare companies. In the last year, more than half of all hospitals—60 percent—were targeted by Ransomware hackers, according to a survey from HIMSS and Healthcare IT News. The same organizations found that as many as three-quarters of U.S. hospitals may have experienced a Ransomware attack in the last year. More than 50 percent of respondents polled said they had definitely been the victim of a Ransomware attack.
What are the financial costs to the healthcare industry as a result of Ransomware attacks?
GW: It is very pricey, unfortunately, and the costs are continuing to increase. Here are a few facts and figures: In 2015, the FBI received around 2,500 complaints of Ransomware attacks, costing victims $24 million. In the first three months of 2016, this type of malware attack had cost American targets an additional $209 million.
What is a typical ransom fee that cyber thieves demand from hospitals?
GW: The fees can vary widely, but can run into the thousands of dollars. One example earlier this year was when hackers demanded that Hollywood Presbyterian Medical Center pay 40 Bitcoins—the equivalent of $17,000—to be able to access their own electronic records that had been encrypted. It’s important to note that even if an organization pays the fee, it doesn’t guarantee that they’ll get their files back from the hacker.
What happens at a healthcare firm if its files get encrypted by Ransomware?
GW: It’s not a pretty picture. At a hospital, the scenario might look something like this: A doctor is meeting with a patient who is preparing for a scheduled surgery. The doctor wants to show his patient the results of her recent lab tests. But when the doctor tries to access the patient’s test results on his computer, he can’t open them because the screen is frozen. While the doctor is clicking around trying to figure out what’s going on, a cryptic message spreads across the computer screen. It’s not readable, so he calls the IT department. It turns out the entire medical center is experiencing the same problems. No doctor can access their files, and no patients can be served. If this happens to you, then you’ve become the latest victim of a Ransomware attack. Unfortunately, this type of situation isn’t just inconvenient—it can be life-threatening for patients who have urgent medical needs because it can result in significant treatment delays. Maybe less of a big deal for a podiatrist, but rather worrisome to say the least for a cancer treatment center.
What can hospitals do to protect themselves from Ransomware attacks?
GW: The truth is that while many healthcare organizations are aware of the possibility of malware infections and are taking some measures to defend themselves against them, most are not doing what’s needed to protect their valuable data. What I mean by this is that some hospitals have taken the step of installing anti-malware software programs on their systems, but this isn’t enough to protect an organization’s data from Ransomware attacks. A protective strategy like this is only one part of what’s needed—healthcare businesses also need to figure out what they will do to restore their files after they are encrypted.
What types of solutions are available for file restoration after data has already been encrypted?
GW: I would be remiss if I didn’t lead with saying that the Nexsan Assureon™ archive data protection solution is an ideal way for companies to beef up their data protection strategy against the threat of Ransomware. The fact is that in the current climate, companies need to go beyond anti-malware to protect their sensitive data. Assureon can quickly restore encrypted files—with absolutely zero need to pay a ransom fee.
How does archive data protection work?
GW: Think of it this way: if you use only anti-malware as a protective barrier against attacks but a hacker infects your system with Ransomware, then you have lost your files. But if you incorporate archive data protection as part of your security strategy, you’ll be able to restore your files post-attack. Assureon can actually protect data automatically, from day one, without IT needing to constantly back it up. This saves a ton of time when it comes to backing up files, not to mention money. Anti-malware has a role to play too, so think of the best strategy as a two-part solution that accounts for both file protection and file restoration.
What are some of the specific features that Assureon offers?
GW: Shortcuts are an important component. Assureon only has to restore shortcuts, not the entire file, so it only takes a few minutes to restore files after a Ransomware attack. Since the data becomes available right away, a company’s recovery time objectives really benefit. Another important feature is fingerprints. When files are saved using the archive data protection system, Assureon automatically produces a unique fingerprint of the files’ contents as well as metadata. And we can’t forget that Assureon makes a double copy of each file—in two totally separate locations. This gives IT extra confidence that the company’s data is secure.
But at the end of the day, what really matters is this… In the event of an attempted Ransomware attack, for the IT professional it is as they say ‘a minor blip on the radar.’ And, for the end clients – in this case the doctors and nurses – they will actually never even know the attempt was made.