Apr 01 2021

In Healthcare, Hackers Play the Long Game with Ransomware

Awareness is improving, but organizations need more holistic strategies to protect against new types of attacks.

A spike in ransomware attacks, together with other cybersecurity threats, means healthcare organizations need to pay more attention to beefing up their defenses. That includes not only deploying technology solutions but also changing workplace cultures.

That’s the perspective of NetApp Chief Data Officer Ray Deiotte, who believes the healthcare industry needs to move from a posture of training to one of organizational change management.

“Until there’s an attack and the EHR goes down or the ERP system goes down, clinicians and business operations folks just don’t pay it much mind, and that’s a real problem we’re facing from an awareness perspective,” he says. “For IT and compliance and legal, it’s all top of mind, but the rest of the business is blasé about the whole topic.”


Hackers Have Easier Access to Attack Tools That Sow Chaos

As Deiotte points out, healthcare data is among the most valuable data one can offer up for sale on the dark web, and healthcare organizations are typically quick to pay a ransom.

“It’s easy to impact a healthcare organization when they don’t have access to the EHR,” he says. “Some of these attackers just want chaos, they want loss of control or even loss of life, and the availability of tools to make that happen makes this more commonplace.” 

Despite the elevated risk that ransomware posed as the pandemic took hold, Deiotte says he thinks the events of the past year have actually helped heighten awareness of that type of cybersecurity threat.

“It has really been a push in the right direction. Through our webinars and one-on-one discussions, ransomware protection always comes up,” he says. “Prior to April or May of last year, those discussions rarely happened with our customers.”

Now, healthcare organizations want better visibility and another layer of protection when it comes to securing their data, especially as home office and remote work conditions have become more firmly established.


Some Organizations Are More at Risk for ‘Slow Tide’ Cyberattacks

The threat that ransomware poses has become more serious, Deiotte says, not only because of the sheer number of attacks but also because of the increased availability of Ransomware as a Service software and the subtlety with which attacks are carried out.

“Hackers are playing the long game, such as instances where basic credentials are stolen and malware lies in wait for weeks or months to escalate privileges and gain access to things that weren’t attacked before, like backups or archives,” says Deiotte. “This really puts the keys to the kingdom in the attacker’s hands.”

As the attacks mature and get increasingly sophisticated, healthcare organizations that lack holistic setup capabilities from the edge network to core data storage are likely to be subject to the types of attacks that have occurred recently.

On the technology side, Deiotte says, it’s critical to provide a comprehensive strategy for security and privacy. That includes everything from credentialling, over-the-wire encryption and firewalls to immutability of snapshots and air-gapping backups so they’re offline and can’t be infected.

“The first step is really engaging in all of the lines of defense available, doing a good job of understanding what the truly critical data is and how to differentiate that data,” he says. “You need to know what the potential risk of the data is, then deploy the technologies to protect the core IT infrastructure from outside attacks as well as internal accidents and nefarious actors.”

Healthcare Security Depends on Holistic Defenses and Behavior Change

Improving organizational literacy about cybersecurity and motivating behavior change, Deiotte says, will require an equally concerted effort.

“You have a number of people working with high-vulnerability data, and that threat surface on the end-user device is far greater than in the core business,” he says. “When those people are downloading data onto laptops to do work, they need to understand that when you do that, you’re increasing the threat surface far wider than the file you’ve brought down.”


The key is maintaining control over data while still allowing people to work — for example, by providing a core platform for data consumption that can only be accessed through a virtual desktop infrastructure.

Threat monitoring is another indispensable tool, he says. It provides a level of sophistication that goes beyond traditional alerting to include embedded machine learning technologies that can identify behavioral patterns, understanding users and files in order to actively deny access or stop an attack.

“We need a complete methodology change in the way people think about data and data consumption, and those changes will help harden the healthcare defense space,” says Deiotte. “There’s got to be an evolution in the way we do detection and prevention in the face of an ever-evolving variety of threats. You have to know everything and be prepared for everything — which is impossible. It’s better to have a holistic strategy that is flexible to prevent or overcome the unknown.”
