Ransomware is a worldwide epidemic that is bringing organizations to a screeching halt. Growing at unprecedented levels, ransomware attacks are becoming more commonplace and sophisticated, affecting all sectors -- including education, enterprise, real estate and most of all, healthcare. In fact, nearly 88% of all ransomware attacks occur in healthcare organizations, and a recent report by IDC FutureScape predicts these attacks will double by 2018. Given these grim statistics, it is now more critical than ever to protect patient and provider medical data and keep healthcare systems secure and running.
Ransomware attacks -- in which cybercriminals hold their victims' files hostage until a ransom is paid -- can cause numerous complications. Organizations under siege lose a whopping amount of revenue and often see productivity come to a standstill, but they also lose control of essential -- and extremely private -- patient data. Healthcare organizations, such as Hollywood Presbyterian Medical Center, are choosing to pay the "ransom" instead of risking patient lives and other operational challenges caused by a lack of data access. Any unprepared organization can fall victim to ransomware, but daunting as it sounds, there are ways to fight back against even the most powerful cyber-attacks.
For example, let's take a look at one company that was recently infected by two ransomware attacks. While this particular company is not within the healthcare sector, ransomware does not discriminate -- and health systems are often attacked with a very similar approach.
In the winter of 2016, S.J. Louis, a Minnesota-based construction contracting company, was under attack. Hackers crypto-locked all of their current and previous project files and demanded $100,000 to return full access to their data. What's more, the breach encrypted a staggering $200 million worth of future project data.
Since ransomware can represent a devastating -- and even business-closing -- catastrophe, one might think S.J. Louis would have been experiencing mass hysteria. However, there was no panic. Due to preemptive security procedures employed by the company's managed service provider (MSP), there was no damage done. The company's security plan allowed it to "roll back" to a previous version of files stored in the cloud, restoring them from its cloud storage gateway, an office file server and hybrid backup appliance. It is actually similar to how iCloud backs up your iPhone in case it is lost, stolen or broken. This action removed ransomware from the system with minimal disruption to business continuity, and S.J. Louis walked away without paying a dime.
Sounds simple enough, right? By implementing a few crucial steps, executives can help protect their healthcare organizations from ransomware.
Step 1: Keep the Perimeter Secure to Decrease the Likelihood of a Breach.
Ransomware is often delivered by preying on unsuspecting employees -- the old phishing scam is alive and well. Be sure to train your physicians, nurses and administrative staff on security and their role in protecting company data (even before focusing on the technological aspects). Next, patch your operating system and keep it up to date, while also limiting access to critical patient data to only need-to-know users. Lastly, disable macro scripts in Office files that are transmitted over email to keep all data more secure, especially now that everything is electronic.
Step 2: Back Up Files and All Systems to Keep from Paying Ransom.
It is critical to back up your organization's endpoints and file servers, while also implementing data protection tools that shorten the interval between recovery points. Using any type of file sync and backup procedure will ensure a speedy retrieval of important patient data.
Step 3: Roll Back to Your Company's Most Current Data Using Sync.
Combine the backup strategy in step 2 with file synchronization tools to create a business continuity solution that lessens the damage of a potential attack. While backup solutions enable organizations to roll back to a point where their systems were non-infected, the rollback itself can erase hours, days, or even weeks of productivity. For larger offices with hundreds or thousands of employees, the productivity lost can be in the millions of dollars -- not to mention the potentially critical patient data created or edited during this time. Modern file sync and share tools enable healthcare organizations to dramatically reduce file versioning intervals and minimize data loss.
By implementing these simple measures, healthcare organizations can focus their resources on running their business and delivering quality care to their patients. Ransomware attacks should never get in the way of keeping patients healthy; ensure your organization can meet their needs in the event of a ransomware attack.
Tom Grave is SVP of Marketing at CTERA.