By Eric Bednash
After a brief quiet period through the fall, the ransomware crisis is beginning to accelerate again in the aftermath of the Log4j security flaw that has left thousands of organizations and enterprises alarmingly vulnerable to cyberattacks.
The healthcare sector, in particular, is among the most at risk – as highlighted by the HHS Cybersecurity Program’s official alert
issued on Dec. 14:
“The exact extent to which Log4j is deployed throughout the health sector is unknown. It’s a common application, utilized by many enterprise and cloud applications including several large and well-known vendors. Therefore, it is highly likely that the health sector is impacted by this vulnerability, and possibly to a large-scale extent.”
In layman’s terms, consider the addition of Log4j to healthcare’s threat landscape like the act of pouring gasoline on an already-blazing fire. Ransomware attacks on the sector have grown in volume and velocity over the last several years with steep financial ramifications. The global cost of data breaches
to healthcare organizations rose from $1.5 billion in 2018 to $13 billion in 2020, and followed a similar trend in 2021 with 80% of healthcare IT professionals
agreeing ransomware attacks continued to spike over the last 12 months. Whether it’s a national public health system
in Ireland, an in-patient cancer center
in Las Vegas or a small local hospital
in rural Wyoming, no healthcare entity is safe from ransomware’s reach regardless of its size or stature. That is our reality as we enter 2022.
The magnitude of the situation calls for more urgent action from healthcare executives and IT decision-makers alike. Protecting hospitals and health systems from the escalating prevalence of ransomware isn't just a cyber issue; It’s a matter of public health. And in order to make real, meaningful progress toward strengthening cybersecurity posture across healthcare, enhancing unstructured data security must be top of mind. It’s the only effective approach for safeguarding the high-value assets ransomware actors covet the most.
Why is healthcare a top target for ransomware?
The Ransomware-as-a-Service (RaaS) model thrives on stealing high-value assets that force organizations to pay up in exchange for the encryption keys to unlock their data or recover lost files. In the Colonial Pipeline ransomware attack conducted by the cybercriminal organization DarkSide, that asset was 100 gigabytes of data
exfiltrated from a shared internal drive. Shared drives are the most common means for organizations to store and utilize data, with the majority of architectures leveraging network attached storage (NAS) systems and generic file servers on-prem or in the cloud as these shared data repositories. While the impact to Colonial can be measured in dollars and cents - they paid $4.4 million in ransom in addition to economic impact of the extended outage - the disruption to the lives of everyday citizens is much more concerning.
Now, look at it from a healthcare perspective. The bulk of high-value assets targeted by ransomware attackers is unstructured data, meaning it extends beyond the basic information such as patient names, addresses, and credit card numbers in a database. Instead, unstructured data resides in Electronic Health Records (EHRs) and involves essential components
of patient care: physician appointment notes containing contextual information (e.g., living conditions, how the patient perceives their symptoms, family medical histories, etc.), email correspondence, text files, photos and videos, call transcripts and recordings, imagery (X-rays, MRIs, etc.) and communication apps. Unstructured data can consist of as much as 80% of data
within a healthcare organization.
Without access to this critical information, medical professionals cannot provide effective care for their patients -- some of whom are dealing with life-threatening conditions that require 24/7 monitoring. A ransomware attack on a major hospital significant enough to cause prolonged operational downtime could lead to severe consequences, especially as the Delta and Omicron variants continue to strain hospitals with sharp rises in COVID-19 hospitalizations
across the world. We’re talking about real lives at stake.
Proactively protecting unstructured data with cyberstorage
There isn’t a magic bullet to eradicating the threat of ransomware against the healthcare sector for good. Defending threats will always come down to evolving strong security practices, layering advanced technology, and continued diligence. One of those areas of evolution is Cyberstorge, which specifically addresses the data-centric element of security. More than 80% of EHRs are unstructured and stored on systems that leverage decades old security technology. Some systems pass off encryption or data protection (backups, snapshots) as cybersecurity, but those protections have existed nearly as long as the NAS market and have done nothing to slow or stop advanced attacks like ransomware or insider threat (data theft, sabotage).
Cyberstorage solutions are the first data-centric solutions that take security seriously, starting by addressing all three phases of the data security lifecycle in a unified and holistic manner.
● Cyber hygiene
- minimize attack vectors though policy-based controls, ensure data protection and retention, and prove it on a daily basis through continuous compliance and reporting
● Active defense
- detect attacks as they happen, synchronize defenses to terminate malicious activity in a cyber resilient manner and minimize impact, alert and integrate with external systems for coordinated defense
● Remediation & recovery
- remediate the incident, quickly restore and return to service
This unified approach to data management is only attainable through the accelerated adoption of cyberstorage solutions
that can be deployed anywhere critical data resides – on-premises, in the cloud, at the edge, or in hybrid environments. Unlike traditional NAS and object systems - the backbone of picture archiving and communication systems (PACS) and vendor neutral archives (VNA) - which rely on access controls, backups and sometimes encryption for security, cyberstorage solutions deliver active security technologies to identify, protect, detect, respond and recover from ransomware attacks against unstructured data. Consider it a seismic shift away from legacy NAS technology that wasn’t designed to defend against the evolving tactics, techniques and procedures (TTPs) of attackers.
By leveraging cyberstorage solutions, healthcare organizations are essentially following a data-centric Zero Trust model – an enhanced version of the traditional Zero Trust framework – that secures their unstructured data with always-on protection policies, active security for detecting malicious activity, and end-to-end data compliance. With AI and machine learning capabilities, the system can identify compromised accounts, malicious behaviors, and insider threats in real time to create a unified line of defense as close to unstructured data as possible. That means no more relying on perimeter-based protections that lack visibility of network end-points and user behaviors.
Going one step further, cyberstorage solutions also streamline compliance with Electronic Health Record (EHR) requirements relative to archive and records disposition, regulatory compliance and reporting, and data protection. With simplified processes, enterprises can more efficiently demonstrate when data has been purged or deleted, as well as generate automated reports to confirm compliance of auditing, investigations, government regulations and more.
Amidst our current global health crisis, ensuring patient safety and exceptional care through the protection of unstructured data assets has never been more critical. In reality, there are two paths ahead for healthcare organizations to take. Those that act now to integrate cyberstorage solutions within their data security measures will be far better positioned to secure their high-value assets and actively defend against ransomware. Meanwhile, those that don't will remain at a high risk of significant loss, both financially and in the ability to deliver patient care.
The choice is yours, but the clock is ticking.
About the author: Eric Bednash is the CEO and co-founder of RackTop Systems.