Protecting Patient Data: How Healthcare Organizations Can Thwart Ransomware Attacks

Written by Cody Hall, Product Manager at Synology

Cyberattacks are spreading rapidly in the healthcare sector. According to the Office of the Director of National Intelligence, ransomware attacks on healthcare organizations saw a 100% increase between 2022 and 2023. In fact, the healthcare sector is one of the fastest-growing targets for cybercriminals. Even more alarming is that a quarter of these attacks were carried out using a ransomware-as-a-service (RaaS) tool called LockBit. 

RaaS attacks are becoming more common in the United States across all sectors. A RaaS cybercrime group operates like a business. In this case, LockBit maintains the ransomware variant and ensures it can get around new security tools. Then malicious actors can either subscribe to use the ransomware or buy the tool outright.

Attacks against healthcare organizations have become a pandemic spreading across the globe. In addition to the monetary losses due to downtime and ransom payments, these attacks can cost lives. At the height of the COVID pandemic in 2020, several hospitals countrywide were targeted in ransomware attacks. This forced hospitals to divert patients for care, delaying treatment and putting those in need at greater risk. 

Healthcare organizations have extra layers of complexity to protect themselves against ransomware. In addition to the challenges that all organizations face, like managing various devices, applications, and operating systems used for day-to-day operations, they also store massive amounts of sensitive protected health information (PHI). This data is as good as gold to these attackers and can be used to steal identities, commit fraud, or sell on the black market to the highest bidder. PHI data is highly regulated, and hospitals in the United States must comply with the Health Insurance Portability and Accountability Act (HIPPA). Failure to comply with these laws can result in large fines, lawsuits, and a loss of trust from patients. 

Related:AI in Healthcare Demands Vigilant Security Measures

Protecting these organizations from cybercriminals while complying with federal law sounds challenging. However, there are steps these organizations are taking to help protect their data and their patients from these bad actors. According to data from the National Institute of Health (NIH), one of the most effective tools to help prevent the loss of this PHI data and reduce time lost to cyberattacks is data backup. In a report from the NIH looking at cyberattacks on hospitals from 2016 to 2021, 20% of healthcare organizations were able to restore data from backups after a ransomware infection. By instituting a robust 3-2-1 backup system, healthcare organizations can improve their security posture and prevent data loss and downtime in the event of a cyberattack.

Related:Overcoming the Unique Challenges of DevOps in Healthcare

The rule of 3-2-1 backup states you should have three total copies of your data on two media types. Keep one copy offsite on a server or in the cloud. Having two local copies allows you to restore that data quickly if accidental data loss or hardware failure occurs. The third offsite copy ensures you can recover your data if the systems on your local network get compromised by a cyberattack.  

A properly implemented 3-2-1 backup system is the best way to prevent data loss from ransomware attacks. To prevent this system from becoming a target, you should consider implementing immutable storage and backup. Immutable storage is a data storage method that prevents data from being changed, deleted, or otherwise tampered with for a set or indefinite time. In addition to preventing malicious data loss, implementing immutable storage and backup can prevent accidental data loss. This capability is vital for the healthcare industry, which must comply with strict data retention policies. 

Before joining Synology as a product manager, I worked at a managed service provider that served many clients in the healthcare industry. Where there, I saw real-life ransomware attacks, all caused by phishing attacks. These attacks target the weakest part of any security system: the end user. Training employees to recognize cyber security threats, implementing role-based permissions, and using multi-factor authentication tools are all vital steps in securing your network. 

Related:5 Key IT Certifications to Stand Out in the Healthcare Industry

Data backups are a useful layer in a multi-tiered approach to cybersecurity. As more critical infrastructure becomes the target of cybercriminals, it is important to implement multiple security measures to minimize potential gaps in your security network. The Cybersecurity Infrastructure Security Agency (CISA) provides resources with steps any organization can take to improve its security posture and minimize the risks of ransomware attacks. Here’s a checklist of eight things your organization can do to protect against ransomware. 

About the Author

Cody Hall is Product Manager at Synology America Corp. For more information about the 3-2-1 backup rule, Synology offers this resource.