One of the scariest and most damaging types of malware threats today is ransomware, which encrypts (locks) valuable electronic files and demands payment of a “ransom” fee to release them. Healthcare organizations – the keepers of some of the most sensitive data – are particularly vulnerable to these kinds of attacks, which have been making front-page news with increasing frequency.
In fact, a newly released 2016 report from Solutionary that analyzed malware attacks by industry found that healthcare organizations account for the vast majority – 88 percent – of all ransomware detections. Many other research organizations and industry watchers have reported that up to 75 percent of hospitals in the U.S. may have been victims of a ransomware attack between 2015 and 2016, with more than half of healthcare providers polled indicating that they had definitely been hit by a ransomware attack.
It’s easy to understand why hospitals and other healthcare firms are prime targets for ransomware attackers. The potential payoff from targeting a large organization is generally higher, and medical professionals rely on quick access to medical records in order to provide what may be life-saving services to patients. Hackers are gambling on the fact that healthcare providers would rather fork over payment via Bitcoin than risk harm coming to patients and the resulting lawsuits.
There’s a high dollar cost to this segment of malware hits, and according to the FBI, the damages are on the rise. Ransomware attacks cost victims $24 million in 2015, yet that’s nothing compared to how this year is shaping up for cyberthieves. In just the first quarter of 2016, Americans had already shelled out $209 million in response to ransomware threats. Since hospitals and other healthcare organizations comprise the most targeted industry when it comes to these types of attacks, you can bet that their costs figured highly among these totals. To take just a single high-profile example, in February, Hollywood Presbyterian Medical Center paid what amounted to $17,000 (40 Bitcoins) to regain access to the hospital’s electronic records 10 days after their files were encrypted. Despite the high costs demanded, the reality is that there is no guarantee that files will be restored by an attacker even once the fee is paid.
If your company hasn’t experienced having your files held hostage yet, here’s a picture of what this particular form of hell might look like in a hospital environment: Dr. Kathy Adams (not her real name) is meeting with her patient, Lester Brown (not his real name), to review the results of Lester’s medical tests. He needs to have gallbladder surgery scheduled quickly, and Dr. Adams is planning to go over the results and discuss a treatment plan with Lester. Dr. Adams turns to her computer to pull up Lester’s test results, but her computer appears to be frozen – she isn’t able to access any of her files. Then a strange-looking message spreads across her screen that she can’t decipher.
After trying unsuccessfully to solve the problem by restarting her computer, Dr. Adams walks into the hall to see if there is a network issue. She finds all of the patient care coordinators struggling with the same issue. One by one, doctors and nurses open their doors to report what they thought was their own computer problem and discover that the entire system appears to be shut down. As patients wait, IT is summoned, and the administrator deciphers the message on everyone’s screen that reads: “If you want your files back, pay our ransom fee.” The hospital grinds to a halt, unable to serve patients without access to their medical records and tests.
As you can imagine, such a disturbing scenario can have many consequences for patients, particularly those like Lester who have an urgent need for medical care. Losing access to data for even a few days can have life-threatening consequences for some patients through schedule disruptions and delays in treatment.
A Two-Part Solution: Protection Plus Restoration
How are healthcare organizations responding to these malicious, extortionist malware attacks? It’s safe to say that many companies are not properly prepared for the possibility of a ransomware attack. As hospitals and other healthcare businesses try to figure out their game plan to defend their important digital medical assets, some have installed anti-malware or antivirus software programs to conduct regular scans against infections from a wide range of invaders, including ransomware.
While taking protective measures to detect and prevent malicious programming can be a great start and an important part of an organization’s overall strategy against malware, simply focusing on protection is not enough. Today’s ransomware attackers are getting savvier and more persistent. In such a hostile environment, there’s no guarantee that anti-malware will succeed in protecting an organization’s data from threat. For that reason, it’s important to consider how your organization will manage the potential fallout after a ransomware attack.
With this in mind, a better, more all-encompassing strategy is to also invest in an archive storage solution as an additional tool in your data-protection arsenal. This is particularly important in the case of healthcare facilities that need immediate access to files in order to help patients, including those who are critically ill. Such organizations can’t afford to waste hours, days, or weeks hemming and hawing while executives and administrators try to decide what to do to get their confidential data back.
Many companies may not have considered the fact that having an archive storage solution as part of an overall security strategy can significantly strengthen their defense against ransomware attacks. Yet it’s important to understand that this type of solution can provide an extra layer of defense that can quickly and easily restore an organization’s files – without needing to pay the ransom fee.
How Archive Storage Works
A huge benefit of incorporating an archive storage system as part of your anti-ransomware strategy is that it provides a way to get your files back even if an attack occurs. Unlike anti-malware – which only targets the defense of files from malware but has no solution for file restoration once files become infected – archive storage systems can be designed to resurrect files even post-attack. In fact, the right archive storage solution can automatically protect data from day one without the need for it to be repeatedly backed up. This functionality dramatically reduces the time and scope of the backup process, as well as the cost.
It may sound like magic, but it’s based on sound technology:
- Shortcuts. Since certain archive storage systems only need to restore shortcuts rather than the whole file, a restoration from a ransomware attack on an archive storage solution takes just minutes. To recover from an attack, the system needs only to restore the shortcuts to the point in time before the attack occurred. This means that the data is instantly available and creates a huge benefit for recovery time objectives.
- Fingerprints. These solutions also may use WORM (write once, read many) storage so that file contents/history can’t be changed after the fact. When any file is saved using the archive storage system, the system generates a unique fingerprint of its contents and metadata.
- Stored twice. A top archive storage solution makes two copies of each file in two different locations along with its fingerprint. This “double storage” capacity in two separate hardware appliances means that IT has two assurances that the organization’s data is safely protected.
- Data verification. The best types of archive storage platforms continuously verify files against their fingerprints, repairing them as needed using their copies. They may also be safeguarded by RAID disk arrays for as long as needed.
- Extra protection. A truly cutting-edge system for archive storage is designed to protect against the accidental or deliberate alteration or deletion of a file – even by administrators. This is an important safeguard, as typical malware will often first attempt to gain administrator privileges.
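As an added illustration (not code from this article or from any vendor's product), the Python example below models the mechanisms in the list above: fingerprinted write-once objects held in two copies, verification with repair from the twin copy, and recovery by rolling back only the shortcut map. The class and method names, the use of SHA-256, and the sample record are assumptions made for the example.

```python
import hashlib

def fingerprint(meta: str, content: bytes) -> str:
    # Digest over metadata and contents; SHA-256 is this example's choice.
    return hashlib.sha256(meta.encode() + b"\0" + content).hexdigest()

class Archive:
    def __init__(self):
        self.replicas = [{}, {}]  # two stores: fingerprint -> (meta, content)
        self.shortcuts = {}       # live view: path -> fingerprint
        self.history = []         # (timestamp, shortcut map) after each save

    def save(self, path, content, ts):
        fp = fingerprint(path, content)
        for store in self.replicas:
            store.setdefault(fp, (path, content))  # write-once, never replaced
        self.shortcuts[path] = fp
        self.history.append((ts, dict(self.shortcuts)))
        return fp

    def _intact(self, store, fp):
        return fp in store and fingerprint(*store[fp]) == fp

    def verify_and_repair(self):
        repaired = 0
        for good, bad in (self.replicas, self.replicas[::-1]):
            for fp in list(good):
                if self._intact(good, fp) and not self._intact(bad, fp):
                    bad[fp] = good[fp]  # heal the damaged copy from its twin
                    repaired += 1
        return repaired

    def restore(self, ts):  # rolls back the shortcut map only; no data copied
        self.shortcuts = dict([m for t, m in self.history if t <= ts][-1])

    def read(self, path):
        fp = self.shortcuts[path]
        for store in self.replicas:
            if self._intact(store, fp):
                return store[fp][1]
        raise IOError("both copies failed verification")

def demo():
    a = Archive()
    fp = a.save("lab/brown.txt", b"gallbladder panel", ts=100)  # constructed
    a.save("lab/brown.txt", b"\x8f\x02ENCRYPTED", ts=150)  # simulated attack
    a.replicas[0][fp] = ("lab/brown.txt", b"bit rot")  # damage one copy
    a.restore(ts=149)
    return a.verify_and_repair(), a.read("lab/brown.txt")
```

Because the simulated attack at `ts=150` is stored as a new object with a new fingerprint, the original object is never touched, and `restore(ts=149)` only has to repoint the shortcut.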
For all of these reasons, archive storage systems are becoming increasingly popular in the healthcare industry as a key component of an overall organizational defense strategy against increasingly common ransomware attacks.
As a best practice, the industry should view standard protective anti-malware solutions as akin to “taking your vitamins” – they may help to keep your body (or in this case, your organization) healthy, and when they work, an ounce of prevention is worth a pound of cure.
But don’t forget that having a curative “medicine” on hand is equally if not more important to good health, and the same is true in the war against ransomware. That medicine is the right archive storage solution.
Gary Watson is a computer entrepreneur specializing in high performance data storage systems. He co-founded Nexsan in 1999 and as CTO took it from inception to a $120M sale to Imation. Watson now serves as an Imation fellow and VP technical engagement for Nexsan (www.nexsan.com).