Jul 14 2020

Why Healthcare Should Redouble Their Data Protection Efforts Now

A spike in ransomware attacks and growing cybersecurity concerns amid the pandemic should prompt leaders to take preventive action.

Healthcare and life sciences organizations are facing an increased risk of cyberattacks amid the coronavirus pandemic.

Microsoft, for one, has warned hospitals to watch out for sophisticated ransomware attacks that could target them through their VPNs and other network devices, while the American Medical Association and American Hospital Association recently issued guidance on how to protect telehealth and remote work environments. 

Experts say the risks of a successful attack are higher than usual right now, and ransomware attacks can be devastating to the critical infrastructure within the healthcare sector. This is due in part to the crippling effect ransomware has. It restricts access to important clinical and research data needed by clinicians and researchers that can mean the difference between life and death. 

Consequences of these attacks can be dire, requiring payment to the attacker, decryption tools, or the gamble of recovering sensitive data from infrequently tested backups. Putting an organization’s most valuable asset in a hostage scenario often results in massive payouts to cybercriminals, federal penalties and reputational damage.

Despite billions of dollars spent annually to guard entry points to clinical data, many healthcare providers still underestimate the strategic value of improving data protection. As this pandemic continues, it is more important than ever that these essential services are able to not only use their data but also store it securely.

New and Evolving Ransomware Risks Challenge Healthcare Leaders

Healthcare and life sciences organizations are particularly attractive targets for ransomware attacks. Not only do they have large volumes of critical data and intellectual property, but they also face the additional challenge of tailoring security strategies to a constantly evolving set of privacy regulations and standards, which often complicates the path to achieving their mission.

To ensure compliance with government regulations such as HIPAA and HITECH (the Health Information Technology for Economic and Clinical Health Act), providers have become intimately familiar with the importance of backups for critical data. However, as these providers face exploding demand and unprecedented volumes of data, the need to restore data quickly has never been greater. Healthcare providers simply cannot afford to lose access to critical information as they await its restoration. 

Moreover, the rise of remote work has marked a period of vulnerability for businesses across the country. An abrupt shift from on-premises operations to the cloud is a significant challenge for many, requiring the deployment of reliable, fast and secure virtual desktop infrastructure.

READ MORE: Learn why virtual desktop infrastructure is critical to scaling up telehealth.

It is crucial for healthcare organizations and businesses to take a unified approach to data security and ensure the protection of valuable information at a time when access is vital. The establishment of these security measures is a tricky balancing act, especially if they’re built on outdated infrastructure.

Still, these concerns are not limited to the current pandemic. 

Ransomware attacks against healthcare and life sciences organizations are up 35 percent over the past three years, primarily targeted at direct patient care facilities, according to RiskIQ. Moreover, the vast majority of ransomware attacks (70 percent) were aimed at small hospitals and health centers, likely because they have limited security resources, and hackers expect they will pay the ransom to recover their data.

Why Hospitals Need Data Backup and Recovery Tools

Whether on-premises or in the cloud, data backups are essential for mitigating ransomware attacks. They safeguard critical data against many common scenarios, from disaster recovery to accidental deletions.

These attacks, after all, can stress existing data protection infrastructure that may be built on outdated architectures, thus exacerbating business challenges and creating additional downtime and confusion.

Two recovery functions that are key for limiting the effects of ransomware attacks are reliability of backups and rapid restoration of data. Reliable backup technology that can prevent changes or malicious deletions is paramount. If backup systems and data are compromised, a full reinstall and reconfiguration of the system would be required. 

The second aspect, the rapid restoration of backups, is also essential for avoiding downtime and ensuring critical data is accessible when needed.

It is equally important to assess the storage infrastructure that underpins these critical systems. Legacy systems that are highly complex and require daily maintenance carry countless vulnerabilities that limit both the reliability of backups and the speed of restoration. Infrastructure that emphasizes simplicity is essential for fast, reliable backups that can confront the constant threat of ransomware attacks.

As the strain on U.S. healthcare organizations increases, the need for fast, flexible and secure infrastructure has never been greater. Businesses of all sizes need to confront this challenge across all of their operations. This requires that organizations not only focus on effective storage and management for data, but truly become stewards of its protection.

gerenme/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.