Healthcare data breaches hit an all-time high in 2021. Indeed, healthcare now experiences more cyberattacks than any other industry. A third of all cyberattacks target healthcare facilities. Why? Because health is a valuable and vulnerable target.
In January 2021, the websites of several Indian government departments, including national health and welfare agencies, leaked lab test results for thousands of COVID-19 patients online.
The leaked lab reports were indexed by search engines, exposing patient data and COVID-19 test status.
According to the latest Sophos report, “The State of Ransomware in Healthcare 2022”, ransomware attacks in the healthcare sector increased by 94%. In 2021, 66% of health facilities were affected; 34% were affected the previous year.
Hackers are going after healthcare because patient data and hospital systems are lucrative prey. Hackers know they can demand a hefty ransom if they compromise patient data or healthcare systems. They also know that healthcare organizations will likely pay the ransom – and quickly, as compromised data and systems can cost lives in hospital settings. Hospitals, of course, depend on constant and immediate access to patient data to deliver care. If they don’t have that access, people can get sicker and die. Nearly a quarter of healthcare facilities hit by a ransomware attack in 2019 and 2020 reported increased patient death rates after the attack.
Unfortunately, attacks on healthcare will only increase in the years to come. Indeed, some hacking groups focus only on attacking healthcare organizations. In April, the Department of Health and Human Services warned the healthcare industry about an “unusually aggressive” ransomware gang called Hive, dedicated to targeting healthcare and using double extortion. It demands one payment to unlock the data it has encrypted and another payment to prevent the data from being made public.
Air gap can protect health data
Ransomware works by going through all copies of your data, including primary, secondary, and backup data. Attackers then encrypt or exfiltrate the data. One of the most convenient and effective ways to secure backup data from a ransomware attack is air gapping.
There are two types of air gap. The first is the traditional physical air gap, in which an organization disconnects the digital asset from all other devices and networks. This form of air gapping is the ultimate cybersecurity measure because it creates a physical separation between a secure network and any other computer or network. Using a physical air gap, companies store backup data on media such as tape or disk, and then disconnect that media entirely from their production computing environment.
The second type is the logical air gap. A logical air gap relies on network and user access controls to isolate backup data from the production computing environment. It’s like a one-way street where data is pushed to its intended destination, whether that’s an on-premises storage device or a custom appliance. The key here is that control and management of this data, such as how it is stored or who can modify it, is not available through this same system or path. Anyone who wants to manage or modify the data must go through entirely different authentication channels.
The beauty of air gapping is that it’s nearly impossible for ransomware to compromise your data backups. It’s almost as if your data is wearing a cloak of invisibility, making it impervious to any malware that manages to enter your network.
Another essential step is 3-2-1-1 data protection.
Healthcare organizations can deploy a second measure against ransomware, 3-2-1-1 data protection. This means keeping 3 backup copies of your data on 2 different media, such as tape and disk, with 1 of the copies placed offsite to allow for quick recovery. Additionally, you must have an immutable object storage copy of your data and an isolated copy. Immutable object storage protects data continuously by taking a snapshot every 90 seconds. So even if a ransomware attack occurs, you can recover your data immediately.
In the event of an attack, outage, or natural disaster, your data snapshots allow you to revert to a very current file state. Snapshots cannot be modified, deleted, or overwritten, so they secure data against ransomware attacks, human error, and hardware failure. Healthcare organizations that deploy immutable snapshots can maintain the seamless continuation of their operations, even in the face of a ransomware attack or other calamity.
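As an added illustration (not code from the article or from any vendor), the following Python sketch audits a backup inventory against the 3-2-1-1 rule and the air-gap definitions described above. The field names, the `prod-ad` and `backup-idp` identity labels and both inventories are constructed assumptions; the 90-second freshness threshold is the snapshot interval the article cites, and the logical air gap is simplified to "managed through a different authentication channel than production".

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str         # "disk", "tape", "object", ...
    offsite: bool
    immutable: bool    # cannot be modified, deleted or overwritten
    online: bool       # False = physically disconnected media
    mgmt_auth: str     # identity system that can manage or delete this copy
    newest_age_s: int  # age of the newest restore point, in seconds

def is_isolated(copy, prod_auth):
    # Physical air gap: the media is disconnected. Logical air gap (simplified):
    # managing the copy needs a different authentication channel than production.
    return (not copy.online) or copy.mgmt_auth != prod_auth

def audit_3211(copies, prod_auth, max_age_s=90):
    """Return the list of gaps; an empty list means the rule is met."""
    gaps = []
    if len(copies) < 3:
        gaps.append(f"copies: need 3, have {len(copies)}")
    media = {c.media for c in copies}
    if len(media) < 2:
        gaps.append(f"media: need 2 types, have {sorted(media)}")
    if not any(c.offsite for c in copies):
        gaps.append("offsite: no copy is stored offsite")
    immutable = [c for c in copies if c.immutable]
    if not immutable:
        gaps.append("immutable: no copy is immutable")
    elif min(c.newest_age_s for c in immutable) > max_age_s:
        gaps.append(f"immutable: newest snapshot older than {max_age_s}s")
    if not any(is_isolated(c, prod_auth) for c in copies):
        gaps.append("isolated: every copy is manageable with production credentials")
    return gaps

# Constructed inventories (not real systems): three disk copies that all share
# production credentials, then a layout that satisfies every part of the rule.
WEAK = [
    BackupCopy("nas-a", "disk", False, False, True, "prod-ad", 3600),
    BackupCopy("nas-b", "disk", False, False, True, "prod-ad", 3600),
    BackupCopy("dr-site", "disk", True, False, True, "prod-ad", 86400),
]
FIXED = [
    BackupCopy("nas-a", "disk", False, False, True, "prod-ad", 3600),
    BackupCopy("obj-lock", "object", True, True, True, "backup-idp", 60),
    BackupCopy("tape-vault", "tape", True, False, False, "none", 86400),
]

if __name__ == "__main__":
    for label, inv in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_3211(inv, "prod-ad") or "meets 3-2-1-1")
```

The weak inventory has three copies and one offsite, yet still fails on media diversity, immutability and isolation, which is the case where ransomware holding production credentials can reach every backup.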
Hospitals must act quickly to secure their data
For years, companies may have relied on a safety-in-numbers approach to cybersecurity, thinking the bad guys would attack someone else. That strategy is now out the window. Healthcare organizations must assume that sooner or later they will be the target of a ransomware attack.
The impact of a data breach in healthcare can be catastrophic since all aspects of healthcare are now digital, from diagnosis to long-term care and everything in between. Healthcare generates vast volumes of data at all levels of care and engagement, and that data couldn’t be more critical because human lives depend on it.
Given the amount and value of healthcare data, implementing a multi-tiered protection and recovery strategy is urgently needed. It is not a question of whether such a strategy should be implemented or even when. It’s a question of “how fast can we do it?”
Healthcare facilities must quickly implement air gapping and other data protection initiatives to protect themselves. It is indeed a matter of life or death.
By: Nikhil Korgaonkar, Regional Director, Arcserve India & SAARC