axway.com | syncplicity.com SOLUTION BRIEF A pound of cure: Ransomware protection and recovery in Healthcare How healthcare organizations can keep critical data and files from being held hostage by the latest cyber threat As cyberattacks grow in toxicity, healthcare is ready for an antidote On the heels of multiple large-scale cyberattacks targeting healthcare organizations, it’s no surprise that data security is top of mind for health IT leaders. A recent study conducted by the College of Healthcare Information Management Executives (CHIME) bears this out: of the 100 hospital CIOs surveyed, an overwhelming majority (95%) indicated they are concerned with the safety of their patients’ data. Damage from cyberattacks can be devastating. The loss of access to patient records alone can result in critical services being suspended, or lead to the indefinite interruption of communication essential for patient care. In some cases, attacks have affected entire healthcare organizations for days – tarnishing reputations, straining trust in the healthcare system, and negatively impacting patient experiences and outcomes. Healthcare providers could spend months or even years working to recover after a cybersecurity incident and may spend more money than expected on the recovery process. Deloitte Cyber Risk Services recently published this article to help show organizations that a data breach could have long-lasting effects and costs. For example, one data breach scenario discussed in the report was at a health insurance provider. Deloitte calculated the total cost at over $1.6 billion over a five year timeframe. 2 Ransomware is among the Healthcare industry’s biggest threats. Hackers realize just how crucial data is to a hospital’s daily operations, and how readily a victimized hospital will pay to avoid disruption. Considering the frequency of news reports detailing how yet another healthcare provider has been hit by ransomware, what steps should you take now to keep your organization from becoming the next headline? The number of reported healthcare hacking events attributed to ransomware went up 89 percent from 2016 to 2017. 1 Source: 1 MedCity News, Analysis: Healthcare ransomware attacks increased 89% from 2016 to 2017, Erin Dietsche, January 7, 2018 2 Deloitte Development, Beneath the surface of a cyberattack: A deeper look at business impacts, Emily Mossburg, John Gelinne and Hector Calzada, 2016
Transcript
axway.com | syncplicity.com
SOLUTION BRIEF
A pound of cure: Ransomware protection and recovery in Healthcare How healthcare organizations can keep critical data and files from being held hostage by the latest cyber threat
As cyberattacks grow in toxicity, healthcare is ready for an antidote
On the heels of multiple large-scale cyberattacks targeting healthcare organizations, it’s no surprise that data security is top of mind for health IT leaders. A recent study conducted by the College of Healthcare Information Management Executives (CHIME) bears this out: of the 100 hospital CIOs surveyed, an overwhelming majority (95%) indicated they are concerned with the safety of their patients’ data.
Damage from cyberattacks can be devastating. The loss of access to patient records alone can result in critical services being suspended, or lead to the indefinite interruption of communication essential for patient care. In some cases, attacks have affected entire healthcare organizations for days – tarnishing reputations, straining trust in the healthcare system, and negatively impacting patient experiences and outcomes.
Healthcare providers could spend months or even years working to recover after a cybersecurity incident and may spend more money than expected on the recovery process. Deloitte Cyber Risk Services recently published this article to help show organizations that a data breach could have long-lasting effects and costs. For example, one data breach scenario discussed in the report was at a health insurance provider. Deloitte calculated the total cost at over $1.6 billion over a five year timeframe.2
Ransomware is among the Healthcare industry’s biggest threats. Hackers realize just how crucial data is to a hospital’s daily operations, and how readily a victimized hospital will pay to avoid disruption. Considering the frequency of news reports detailing how yet another healthcare provider has been hit by ransomware, what steps should you take now to keep your organization from becoming the next headline?
The number of reported healthcare hacking events attributed to ransomware went up 89 percent from 2016 to 2017.1
Source:
1 MedCity News, Analysis: Healthcare ransomware attacks increased 89% from 2016 to 2017, Erin Dietsche, January 7, 2018
2 Deloitte Development, Beneath the surface of a cyberattack: A deeper look at business impacts, Emily Mossburg, John Gelinne and Hector Calzada, 2016
While there is no foolproof way to completely prevent a ransomware attack, there are ways to better defend against this new and very destructive type of malware. Even if an attack does slip through the defenses, a quick recovery is possible if you have a solid remediation plan in place.
An ounce of prevention is worth a pound of cure. With this adage in mind, here are a few practical guidelines your organization can follow to protect your information and recover quickly in the event of a ransomware attack.
Back up files in real time
Backup, backup, backup! For most organizations it’s easier said than done. That’s because it often involves a lot of manual steps. Plus, backup processes are rarely, if ever, completed. With Syncplicity, continuous backup is easy and seamless. Files and folders are backed up automatically in real time, meaning you start syncing all your folders just once and move on. No more worries about data loss.
Security experts have warned that ransomware will continue to plague the industry this year, and hackers will increase the sophistication of attack methods. Ransomware windfalls have declined as user education and security defenses have improved.3
Source:
3 HealthITNews, Ransomware attack on Hancock Health drives providers to pen and paper, Jessica Davis, January 15, 2018
Syncplicity cuts overall costs to IT departments by helping them overcome the challenges of getting users to follow backup guidelines.
Utilize multi-folder sync
Our unique EFSS (Enterprise File Sync and Share) feature, multi-folder sync, allows users to back up every folder on their desktop automatically. All files and folders are synced in place; no need to move them to a so-called “magic folder.” In the event of a ransomware attack, users can access every file in every folder on Syncplicity. Other EFSS solutions only make available the files a user remembered to copy into a “magic” sync folder.
Administrators should urge hospital staff to sync all their critical files and folders, including Desktop and My Documents. You should also know that you can proactively specify the sync of any desktop folders to ensure that patient information is safe.
The most common types of ransomware work by either deleting files and replacing them with renamed encrypted versions, or by retaining filenames and encrypting the contents in place. In both cases, Syncplicity retention policies ensure the files can be recovered.
A file retention policy allows you to retain deleted files forever or for a specified period. That way, if your original files are deleted by ransomware, you can retrieve them. Be sure to review your file versions retention policy, too. It controls how long you should save an earlier version of a file after it’s been edited or overwritten.
Exclude risky file types
To contain the spread of an attack, administrators can block certain file types from syncing. A file type exclusion policy lets you preemptively block known crypto document types (e.g. those with the .locky and .crypt filename extension) as well as potentially malicious executables such as .vbs, .scr, and .exe.
Eliminate or reduce email attachments
Ransomware often enters a system via email when a user unknowingly releases it by opening an infected attachment. You can reduce this risk by training employees to share links to files rather than adding them as an email attachment. The Syncplicity Outlook Add-In automatically transforms email attachments to links. Users can also paste a Syncplicity shared link into the body of an email message.
Establish a recovery plan
The restoration process after a ransomware attack can be time consuming and costly, significantly affecting healthcare systems, practices, and outcomes. Hackers are betting that you’ll pay the ransom to get operations up and running again stat. With Syncplicity, successfully achieving the most critical part of your remediation strategy – the recovery of locked files and records – is not a problem.
Now that you have your retention policies and multi-folder sync in place, users can restore the latest version of files before they were locked up and held hostage, and recover deleted files, using Syncplicity.
Healthcare organizations that have been hit with system-wide breaches impacting multiple users and thousands of medical files should contact Syncplicity for assistance.
As the ROI for ransomware attacks continues to attract bad actors, it will likely be some time before the current outbreak of attacks subsides. But with industry guidance, and the strategies outlined above, your organization can avoid being part of the lead story in tomorrow’s news cycle.
