Ransomware is malware that will use encryption to lock down files or systems and allows hackers to demand payment to unlock them. This is a growing threat that holds a business’ mission-critical data hostage.
Ransomware and the Healthcare Industry
Less than 10 percent of hospitals recently stated in a HIMSS survey that they would pay a ransom if a breach by hackers demanded payment to access critical healthcare data. Recently, Hollywood Presbyterian paid hackers $17,000 to access their systems including their EMR systems. Another poll this month shows as many as 75 percent of hospitals could have been attacked with ransomware. The poll also shows that 43 percent of hospitals were unsure if they would pay to get their data back. This uncertainty is clear in illustrating several unknowns regarding capabilities to handle such an event.
Several factors may marginalize the confidence of execution on a business continuity or contingency plan to protect the healthcare platform in a given hospital. Factors such as daily backups affected, widespread encryption-at-rest, application state, and database integrity also play a heavy role to ensure electronic Protected Healthcare Information (ePHI) remains intact and accessible throughout a hospital.
These critical factors are affected by the severity of the attack and how quickly a contingency plan could be executed. Many hospital executives do not completely know up-front how well their plans can handle such an event; thus the uncertainty, and ultimately the uncertainty of how well we and our loved ones are treated.
Protecting Against Cyber Threats On the Cloud
A Secure Cloud can protect against such Cyber Threats as Ransomware and provides several layers of security and “Tangible and Transparent” Compliance of such data in the cloud. It should offer daily updated perimeter security through the Application Layer (Layer 7). It should also provide malware detection before it makes it to your data via the perimeter.
A secure cloud platform should have policies and procedures to classify and handle HIPAA Compliance through key solutions for suspected anomalies with logging and intrusion detection. It must also provide encryption-at-rest and in-transit – regardless of the device being used.
A HIPAA/HITECH secure cloud should have contingency plans and work with customers to enable a 360 Secure Cloud for both the infrastructure and HIPAA-based customers and their Business Associates.
A Hospital or Care Provider with critical ePHI should demand Tier 4 data centers to provide the best in Physical Security and Availability.
An exceptional cloud provider should be a multiple carrier data cloud provider to help mitigate DDoS attacks.
All solutions should be inherently secure with a security-first DNA that is the foundation of how a provider should deploy cloud resources.
The Disaster Recovery as a Service should also maintains the same secure stance that can be protected as well as a primary Cloud data center.
The provider’s business continuity planning should also provide for advanced disaster recovery to meet regulations, multiple backups that can be rolled back with minimal recovery times and points beyond 14 days, and database to application state integrity.
Ransomware is a growing threat to Patient Safety—and is due to increase as one of the major Cyber Threats and Fraud to hit Healthcare to date.