Healthcare Cyberattacks Are on the Rise: What Should CIOs do?

Erik Littlejohn, CEO of CloudWave

Healthcare Cyberattacks Are on the Rise: What Should CIOs do?

Cyber and ransomware attacks on hospitals are not only increasing, they are also becoming more sophisticated. Chronic staffing shortages and rising complexity in maintaining the day-to-day cadence of IT operations are making cybersecurity more challenging. Furthermore, with a large part of the workforce still remote, the problem becomes significantly more complex; hundreds of locations and networks are involved instead of a hospital's "four walls." Coupled with the great resignation and the scarcity of local IT talent, it quickly becomes a recipe for disaster.

As the frequency of attacks increases, healthcare CIOs and IT leaders need to implement new technologies that help mitigate attacks and keep up with evolving risks. Existing investments can no longer address today's issues. For example, cutting access off after failed password attempts is no longer practical because malicious actors are not trying to find out what the password is— they already know it. Prolonged workflows on backup will also not work. Instead, healthcare IT leaders must focus on agility and speed to restore/recover normal operations.

How to Protect a Healthcare Organization's Data Infrastructure Against Increasingly Effective Ransomware and Malicious Insider Threats

In the past, the best line of defense against ransomware was to implement a strong firewall and a good backup. As long as one copy was "hardened," it would have been acceptable if copy two was simply "OK." This, unfortunately, is not enough anymore.

In the case of a cyber-attack, a hospital's existing backups are now often infected with the primary production environment. In fact, malicious actors are increasingly targeting backup infrastructure because they realize that a valid backup is one of the most effective methods to foil their plans to extort ransom. Once a backup is attacked, an organization can take little to no recourse to recover successfully.

As a result, the Biden administration recently warned American businesses to strengthen their data backup protocols against potential malicious attacks. One of the key recommendations provided by the administration is to “back up your data and ensure you have offline backups beyond the reach of malicious actors.” This is particularly critical for healthcare as it is one of the top industries targeted by ransomware and cyberattacks.

A restorable and clean third option is needed. A highly effective solution to address these challenges is an immutable backup. Immutable backups are quickly becoming the new best line of defense by preventing the deletion or alteration of sensitive information from external and internal threats.

Immutable backups consist of a standalone copy that is physically isolated and without connectivity, with separate security protocols and locked to prevent edits, encryption, and deletes. In addition, the extra protected copy is separated from the rest of the data storage and IT environment, including the domain structure, for added insurance.

Therefore, if a catastrophic event corrupts a healthcare organization's primary and secondary data centers, the third copy—the immutable backup—can be restored much faster than trying to work around primary and secondary copies that have been corrupted. In addition, the restoration of the immutable backup is completed without requiring the ransom payment, making it a critical element in ransomware recovery.

As a result, many hospitals and their insurers are beginning to require immutable backups. The flexibility and scalability of the cloud is a significant factor in enabling this as it brings cybersecurity advancements that individual hospitals may not be able to invest in independently.

Healthcare Cloud Services

Beyond meeting changing healthcare backup and archive requirements, in today's environment, where data is growing exponentially in volume and more critical than ever to powering health care, guaranteed uptime, easy access, compliance, speed, robust security, and a solid disaster recovery plan are critical. Hospital IT departments must find a way to manage the enormous volumes of data that threaten to over whelm their infrastructures while keeping it all available, accessible and safe.

Whether you operate your IT systems in a data center, in the cloud, or a combination of both, CloudWave can help. We provide cloud and managed services software hosting for any healthcare electronic health record (EHR) service and enterprise applications, including fully managed compute, storage, disaster recovery, archiving, backup, security, and systems management. We take a multi-cloud approach to healthcare IT by helping hospitals architect, build, and integrate a personalized solution using managed private cloud, public cloud, and cloud edge resources.

With a dedicated focus on healthcare, CloudWave is the largest, most experienced, and trusted independent software hosting provider in healthcare, supporting 125+ EHR, clinical, and enterprise applications.