The growing menace of ransomware is a big topic of discussion this week at the annual HIMSS22 global healthcare conference in Orlando. Event organizers say experts are there to share their knowledge on how the industry can innovate healthcare delivery.
“There are life-and-death consequences of downtime when hospitals are attacked,” said Dianna Geairn, a conference attendee and director at Silicon Valley software company Panzura.
Panzura makes cloud-based data management solutions that support productivity and collaboration. Geairn heads up the firm’s technology alliance with cloud titan Microsoft, another company that is making its presence known at the Orlando event.
Geairn points out that hospitals and healthcare systems are victimized because they have large amounts of data that is essential to their operations. The U.S. government has warned that healthcare is a favorite target for ransomware extortion schemes.
Outdated technology makes the healthcare industry vulnerable to ransomware according to Geairn. She says data protection is an important benefit of the solutions offered by Panzura.
“Having multiple layers of protection against malicious activity is important. Protection on servers and devices can impede ransomware, but no single technology is a complete defense,” she said.
She recommends healthcare delivery organizations pair Microsoft cybersecurity offerings, such as Microsoft Sentinel cloud-ready security information and event management system, with the global file system called Panzura CloudFS.
“Microsoft guards the front door to keep ransomware out, and Panzura preserves hospital data if the bad guys get inside,” said Geairn.
Ransomware at the castle wall
The growing use of modern medical devices at the point of care has introduced risk. Large organizations often deal with thousands of these devices. They typically do not contain any patient data, but are an easy entry point to hospital systems that hold sensitive data.
Staff also need to access and share files, and to coordinate and collaborate on treatment, exposing another line of attack.
“It can be something as innocuous as an email sent to an unsuspecting clinician or researcher,” says Geairn.
She cites a regional hospital in Illinois, a Panzura customer, that was hit by a ransomware attack and had their entire data storage system go down. The intrusion happened when cybercriminals delivered ransomware through an email phishing campaign.
Geairn said the facility used automated data protection, backup and disaster recovery capabilities in the Panzura global file system to quickly restore files to a pre-attack state and undo unauthorized data encryption.
“We work with countless hospitals and healthcare providers, and the protection we provide means not a single one has ever lost data or paid a ransom.”
Prescription for cyber vigilance
More than half of healthcare delivery organizations now say they are not confident in their ransomware defenses. “There’s a sense of paralysis out there. But the fact is, data can be made impervious to breach and loss without any compromise in how you work,” says Geairn.
She said one of the reasons she is at the HIMSS conference is to help healthcare organizations better understand this. Geairn is also concerned that geopolitical events are raising new cyber threats.
Hackers sponsored by Russian intelligence agencies have pledged support for Putin’s invasion of Ukraine. They have threatened to debilitate infrastructure with ransomware and other types of malware in retaliation for the U.S.-led economic sanctions.
“Tactics are shifting from extortion to complete data destruction as a way to permanently take down medical systems,” Geairn said.
The American Hospital Association and the HHS Health Sector Cybersecurity Coordination Center, known as HC3, have urged vigilance. Geairn says that starts with knowing when data is being consumed in unusual ways, and stopping it in its tracks.
According to Geairn, Panzura CloudFS does scheduled reporting and sends real-time custom warnings on user activity and data movement so IT staff will know when unusual behavior could threaten data.
Specialized SaaS data-management capabilities are offered as an overlay to the Panzura solution. This provides a unified view of data in the cloud and on premises. Automated alerting, search, audit, and file analytics deliver additional observability, and can also assist with file restoration if an attack does occur by helping hospital IT teams quickly find and recover affected data.
Immutability protects healthcare data
Detection and response strategies to check for anomalistic activity is a first line of defense, but healthcare providers face a potential catastrophe should hackers gain access to data.
“We have figured out how to make EHR and other healthcare data absolutely, positively unalterable by ransomware. And to simultaneously make it fully accessible for authorized personnel to view, collaborate, analyze, and move it around at any time, anywhere,” said Geairn.
Panzura makes data impervious to ransomware and malware by storing it in an immutable form according to Geairn. In response to data protection mandates like HIPAA, this ensures medical files can be unalterably stored and audited in perpetuity.
“That same immutability also protects data from hackers,” she said. Once data is in the Panzura system, it cannot be changed, overwritten, or damaged.
Geairn says diagnostic imaging files for radiology and cardiology, as well as pharmaceutical and scientific data, are routinely and immutably held by Panzura CloudFS.
The prognosis for recovery
Should ransomware or any other criminal payloads breach the healthcare provider’s defenses, Panzura CloudFS makes it virtually impossible to lose data altogether, and provides for near-zero data loss.
While many hospitals still use legacy data backup and archival processes, Geairn says this is problematic.
“That may be effective in a limited way, but the time and effort to bring systems back online and restore data from those outdated backups takes days or even weeks,” she said.
Reports indicate that recovery costs exceed $1.27 million per incident for issues like downtime, hours lost, device and network costs.
Using read-only snapshots, or replicas of files, sidesteps these problems according to Gearin. The Panzura global file system uses snapshots for precise point-in-time restoration of any type of unstructured healthcare data.
“That’s critical not just when you get hit by ransomware, but accidental file deletions happen all the time,” says Geairn.
Both the snapshots and the data itself are immutable, according to Panzura, allowing files to be reverted back to previous ‘clean’ versions almost instantly. The system even makes it possible to quickly restore individual files, directories or the entire file system to a fine-grained level.
Geairn says the healthcare industry will continue to be a rich target for cybercriminals. “The black hats are getting ever more sophisticated, but healthcare providers have the tools available to them to win this fight,” she said.
Working alongside Microsoft alliance partners, Geairn says conversations started this week about trust, security, and compliance for healthcare data, will continue well beyond the HIMSS conference.
“But it’s not enough to just talk about ransomware,” Geairn said. “We’re showing the healthcare industry how to end this scourge.”
Digital Health Buzz! aims to be the destination of choice when it comes to what’s happening in the digital health world. We are not about news and views, but informative articles and thoughts to apply in your business.