Asian hospitals to protect from cyber infection as threat of ransomware rises

By Leo Lynch, Vice President, Asia Pacific, Arcserve

Healthcare organisations have made tremendous progress in adopting medical technology to increase their efficiency and improve the quality of care they deliver to patients. The new technology ranges widely, from automated patient check-in to robots that cruise the hallways of hospitals to give supplies and remove trash to connected IoT devices that can monitor a patient’s health and predict when illness is imminent.

But all this technology creates a challenge for hospitals as well. It produces massive amounts of data that must be stored and protected. The pandemic has caused a surge in data demands, with remote consultation and admission data. Additionally, volumes of data are being created around digital health passports and the status of an individual’s COVID testing and vaccination.

In the face of this unrelenting data growth—and the need for uninterrupted data availability—adequate storage and data backup is an urgent concern. How can hospitals eliminate the risk of data loss and protect their priceless digital assets?

1. Put a plan in place and train employees in security

The weakest link in security is often the user. In healthcare, many users of technology do not come from a technical background. They are skilled in their areas of expertise but not so much with evolving technologies and the multiplying number of endpoints where they must enter data, retrieve records, and manage and maintain them. This situation is ripe for data exfiltration and other malware attacks.

Hospitals in Southeast Asia are increasingly under cyber threat, especially from ransomware attacks, which lock up files associated with a hospital’s critical patient data and information systems, then demand a large payment to unlock them. In September 2020, multiple hospitals in Thailand became victims of an attack that brought down their computer systems and data. An eye hospital in Singapore suffered a massive attack, with the healthcare data of some 73,000 patients targeted.

Cybersecurity Ventures predicts that healthcare will suffer 2-3X more cyberattacks in 2021 than the average amount for other industries.

Healthcare providers are particularly susceptible to this kind of extortion due to their dependence on up-to-the-minute information from patient records.

Therefore, there is a need for hospitals to start implementing a security awareness program. Such a program can effectively teach employees to spot phishing emails that are the first step in a ransomware attack.

Healthcare providers need to have a disaster recovery plan if their data is compromised, either through a cyberattack or an event like a natural disaster. The plan should include defining what data needs to be protected, how frequently backups need to happen, and how quickly data needs to be restored. The plan should also outline the necessary steps to ensure the critical systems that run the hospital are brought back up and in what order.

2. Embrace new digital tools for backup and recovery

Another critical step that hospitals should take is to adopt the 3-2-1-1 data-protection strategy. This strategy directs that you have three backup copies of data on two different media, such as disk and tape, with one of those copies located offsite for disaster recovery. The final one in this equation is immutable object storage.

Immutable object storage is a next-gen data security tool. It safeguards information continuously by taking snapshots of it every 90 seconds, which means hospitals can quickly recover their data even if disaster strikes. These snapshots provide point-in-time data recovery. Hospitals can use the snapshots to roll back to a previous file state in downtime, natural disaster, or ransomware attack. Immutable snapshots can’t be altered, overwritten, or deleted, so they safeguard data integrity from loss due to human error, hardware failure, or ransomware attack.

With immutable snapshots, healthcare organisations can ensure the smooth and uninterrupted delivery of services and operations—even during a disaster or ransomware attack.

3. Trust your channel partners

Channel partners proved their value time and again during the Covid crisis. They played an essential role in helping healthcare organisations digitally transform their operations while ensuring that data remains accessible and secure.

In the post-Covid world, there will continue to be a compelling need for a data backup and disaster recovery solution because data will continue to multiply and the digital landscape will remain a playground for cyber attackers.

Channel partners stay abreast of the latest and greatest cyber tools, which means they can effectively assist healthcare organisations with safeguarding their data. And, in case of a disaster, channel partners can help healthcare organisations get back online without hindering their productivity or putting patient lives at risk.

Channel partners can also help healthcare organisations conduct penetration testing inside their environment and help them regularly test their data-backup procedures and processes to ensure that all systems are working the way they should. It helps guarantee that organisations can quickly and easily retrieve their data in the case of a cyberattack or another emergency.

Healthcare organisations are being tested as never before. By better managing and protecting their data, they can continue to offer a high level of care and create positive patient outcomes safe from any digital disaster.

Tags: cyber infection, healthcare, hospitals, IoT devices

Category: Top Story