When a regional hospital in Illinois was hit by a ransomware attack, their entire IT infrastructure went down. The healthcare facility used automated data protection, backup and disaster recovery capabilities in the Panzura global file system to quickly restore files to a pre-attack state and undo unauthorized data encryption.
The hospital outsources management of cloud storage and network connectivity to Panzura’s specialized managed-service partner Datatility. Data held in the Panzura system are backed up, replicated, archived and protected as part of the optimized service provided by Datatility.
The intrusion occurred when cybercriminals delivered a malicious payload to the hospital network through an email phishing scheme. They then gained access to the Microsoft Active Directory service, allowing them to reset the primary domain controller password and compromise all identity services. This facilitated propagation and unchecked replication of copies of the ransomware on target servers where it would install itself and encrypt all of the data.
Administrators contacted Datatility when hospital staff noticed that they were unable to access files on the network. Jan Rosenberg, a vice president and co-founder at the company, was a member of the team that responded with assistance from Panzura’s 24-hour customer service group.
He said the attackers had clearly spent the time to figure out which software and systems the hospital was using, and how to exploit them in the most efficient way.
Critical backups of radiology and cardiology files were stored locally and in the cloud on Panzura filers, secure virtual appliances that manage massive amounts of data and make it easier for hospital staff to simultaneously access and collaborate on sensitive patient and clinical files.
The first step that Rosenberg’s team took was to automatically disable communication with the affected filers which forced all locations into read-only mode, preventing further contamination to the file network.
Rosenberg said the immutable architecture of the Panzura global file system was indispensable in stopping the attack. Data was restored to previous, clean versions in less than 15 minutes. “Panzura provides a hardened, local appliance front end that prevents anything from being installed on the local appliance. That defeats most types of malware and ransomware exploits.”
The images and database backups held in the hospital’s PACS system were protected by Panzura and stored in the Datatility cloud, privately owned and operated IBM Cloud Object Storage (ICOS). The files were available immediately after the organization’s active directory was restored because it was not directly impacted.
A PACS, or picture archiving and communication system, is a type of medical imaging technology used for storing, retrieving, and sharing images produced by medical devices such as x-rays. Radiology and cardiology staff at the hospital had been using PACS to store all diagnostic imaging files.
“Data stored in Panzura filers cannot be encrypted and an unalterable, pristine dataset is always maintained,” said Rosenberg. Changes to data held in the system are synced to the cloud as new data objects, which made files in the Illinois hospital attack impervious to overwriting and malicious encryption.
According to Rosenberg, in a ransomware or other malware incident, data loss is unavoidable with legacy storage and other file-sharing solutions which often rely on inferior enterprise file-sync techniques or lack global file-locking capabilities.
“Panzura offers unique end-to-end protection. Files are fully—and swiftly—recoverable with absolutely no data loss whatsoever. This is simply not the case with legacy storage and competitor file sharing technologies.”
Rosenberg said the Panzura system is also less susceptible at the hypervisor level, and its cloud-mirroring capabilities mean that one object store can be attacked while the other remains completely available.
Once the attack had been halted, Datatility was able to restore most other general IT systems at the hospital, those that did not archive data in the Panzura global file system, from backup tapes over the course of several days following the incident.
The facility had previously switched from on-premises backup and disaster recovery to cloud data storage through Datatility, significantly reducing its all-around costs and management burdens.
The Illinois hospital now uses the Panzura global file system as a cloud-based NAS replacement to make it faster and more economical to handle many types of unstructured data files. These files must be stored in compliance with HIPAA privacy regulations, rigorously backed up and easily retrievable.
Rosenberg said, “Moving to Panzura allowed them to consolidate data across multiple on-premise servers and the cloud without having to refresh old infrastructure which would have been prohibitively expensive and taken months to complete.” Panzura made additional backup unnecessary and reduced the related data-storage footprint of the hospital by nearly 70 percent.
The Datatility team also offers the Panzura Global File System-as-a-Service (GFSaaS), an automated and fully managed instance of Panzura’s software platform, which Datatility has enhanced with features that meet the higher data storage and control requirements of healthcare institutions.
“We want to help hospitals better coordinate and manage patient care, and improve decision making,” said Rosenberg. He says the future lies in personalized healthcare which depends on data-driven thinking and analysis.
The GFSaaS service allows clinicians to apply cloud-based machine-learning and AI analytics across electronic healthcare records (EHR) and other kinds of unstructured data.
According to Rosenberg, most of the data recovery incidents that his organization handles using Panzura are not the result of hackers. “Typically, we see accidental deletions of data or inadvertent file overwrites by well-intentioned staff,” he said. The Panzura system provides point-in-time snapshots which allow an administrator to restore individual files, folders, or the entire file system from the cloud.
“We tell our clients that an ounce of prevention is worth a million dollars of cure,” added Rosenberg. He points out that Panzura also has other security controls important to hospitals.
That includes seamless integration with the Varonis Data Security Platform, and real-time performance-based threat detection and alerts with contextual recommendations on the nature of file performance and storage anomalies, and how to fix them. Alerts cover everything from security, to the performance of filers within the Panzura cluster, to connectivity with the cloud store itself.
Rosenberg said ransomware attacks are potential catastrophes for hospitals. “It’s about continuity of patient care where minimizing disruption can quite literally save lives. Panzura’s super-max protection meant we were able to get the hospital staff in Illinois back up-and-running in a matter of minutes,” he said.
Digital Health Buzz! aims to be the destination of choice when it comes to what’s happening in the digital health world. We are not about news and views, but informative articles and thoughts to apply in your business.