know, protect, and recover: standing strong in the fight against ransomware
TRANSCRIPT
Overview Ransomware People Process Detection Recovery & Impact Call to action
Produced in partnership with
Sponsored by
Standing Strong in the Fight Against Ransomware
Know, Protect, and Recover
Overview Ransomware People Process Detection Recovery & Impact Call to action
Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware 2
Overview
Ransomware: the emerging threatWhile malicious cyberattacks are nothing new, the nature of the beast has changed, as
cybercriminals now are deploying ransomware – any type of malware that restricts access to a computer system or data until a payment is made – to bring operations at healthcare organizations to a grinding halt. As a result, leaders need to work harder than ever before to tame this rabid threat.
“Getting into healthcare systems and stealing data to sell has a negative impact on patient privacy, but locking healthcare
organizations out of systems is much uglier because it can have a really detrimental effect on patient care,” said Rick Bryant, Healthcare Practice Manager at Veritas Technologies LLC. “Imagine if a patient is brought to an emergency department and the clinicians can’t get access to his records and give
him a drug he is allergic to. There are some very real patient care implications.”
Unfortunately, as healthcare organizations have become increasingly reliant on information technology, cybercriminals have realized – and exploited – the fact that they can use
Crash Course In Modern Day Ransomware
Click here for more information.
Hospital Declares ‘Internal State of Emergency’ After Ransomware Infection
Click here for more information.
“Healthcare organizations need to know exactly where their critical patient information is, so they can better protect it.”Rick Bryant
ransomware to hold healthcare organizations hostage.
High-profile ransomware cases – such as the attacks that occurred at Hollywood Presbyterian and MedStar Health in early 2016 – have brought attention to the fact that healthcare organizations can’t sit idle but instead must begin to manage their data in a manner that makes them less vulnerable to intrusions.
“Healthcare organizations need to know exactly where their critical patient information is, so they can better protect it,” Bryant said. “It’s not like other industries where you might not be able to process an order if a criminal is holding information ransom. In healthcare, you could be putting human lives at risk.” n
Overview Ransomware People Process Detection Recovery & Impact Call to action
Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware 3
Ransomware
Ransomware goes rogue and rampantWhile ransomware has been in existence since the late 1980s, it has become
much more sophisticated, prevalent and difficult to control in recent years.
The AIDS Trojan, first-generation malware introduced in 1989, was relatively easy to overcome, as victims were able to use tools to decrypt the affected data and restore their systems quickly.1
Fast forward to today, and cybercriminals are using more sophisticated and potentially dangerous forms of ransomware.
Locker, which locks out end-users from accessing computers or devices, accounts
for 36 percent of the ransomware used, according to a report from Symantec.2
Crypto encrypts the data that resides on computers and devices, rendering it useless by end-users. The first instance of this type of ransomware, which now accounts for 64 percent of the
ransomware used today,2 appeared in 2013 in the form of CryptoLocker, a ransomware Trojan that generated a 2048-bit RSA key pair and was spread through email attachments and drive-by downloads from infected websites.1
“Unfortunately, hackers are better resourced and, therefore, deploy more
sophisticated technology than many healthcare organizations,” said Greg Carter, Healthcare Technologist at Veritas Technologies LLC. “Healthcare organizations struggle with having the technical skills to defend their data. After all, their business is patient care, not technology.”
Healthcare organizations, however, can reduce their risk by identifying what information needs to be protected – and therefore, becoming less vulnerable. With solutions such as Data Insight from Veritas, for example, organizations can identify where all critical unstructured data resides – and then move it to a safe location or encrypt it. nREFERENCES1. KnowBe4.com. Your Money or Your Life Files, 2016.
2. Symantec. The Evolution of Ransomware, August 6, 2015.
Hackers hit another hospital with ransomware, encrypt four computers
Click here for more information.
As ransomware attacks spread, health system hit by phishing
Click here for more information.
“Healthcare organizations struggle with having the technical skills to defend their data.”Greg Carter
Overview Ransomware People Process Detection Recovery & Impact Call to action
Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware 4
People
While ransomware targets computers, it takes a human touch to prevent such attacks.
“People are the ones using the system. It is through people that ransomware is spread throughout an organization,” Bryant said. “The attackers are sending phishing emails or bad URLs or posting malvertising on legitimate websites. So, it is the people who you have to educate on what to do and what to look for to halt ransomware. Your people must be continually educated on how to avoid malicious attacks that will put their organization at risk.”
Perhaps most important, staff members need to have confidence in their ability to restore their systems so they won’t easily
Prepared to prevent, ready to restore
succumb to cybercriminals’ threats. “The cultural stigma of being hacked
shouldn’t be any more of an event than a hard drive crashing. It happens and it’s disruptive, but if staff members can confidently call their IT department and know that they will be up and running within a few hours then they don’t even have to try to negotiate with criminals and put their organization at a bigger risk,” Bryant said.
Such confidence in the ability to recover can help organizations carry on, even as ransomware attacks become more malicious.
“Cybercriminals are starting to stage ransomware attacks to divert organizations
Crash Course In Modern Day Ransomware
Click here for more information.
Tips for protecting hospitals from ransomware as cyberattacks surge
Click here for more information.
from other attacks. For instance, they might stage the ransomware attack while another attack is redirecting pharmaceuticals. So, they might have a shipment of narcotics redirected to one of their hotspots, so they can sell drugs. That’s where the real money might come in for the cybercriminals,” Bryant said. “But if healthcare organizations have confidence in their ability to recover, then they won’t have to fall prey to such schemes.” n
Overview Ransomware People Process Detection Recovery & Impact Call to action
Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware 5
Process
It’s good to hold valuables close to the vest while trying to protect them. But doing so is an
exercise in futility if you don’t know where valuables are located or if you have too many to carry.
According to Veritas’ recent report, “The Databerg Report: See What Others Don’t”, many healthcare organizations are creating unwieldy “databergs” that make it difficult to get a handle on exactly what needs to be protected. These databergs consist of:
Sound information governance
To avoid spiraling future data manage-ment costs and the risk of sweeping sanc-tions, US organizations need to take action, now, and reduce their Databergs.
After determining what needs to be protected through information governance
Read the Databerg Report
Click here for more information.
NIST Framework
Click here for more information.
Veritas Information Governance Solutions
Click here for more information.
initiatives, organizations can then develop sound security processes by drawing guidance from published documents such as the NIST (National Institute of Standards and Technology) CyberSecurity Framework.
With such a framework serving as an overall guide, healthcare organizations can continually weave best practices into their processes. For example, they might want to adopt a “defense in depth” strategy as a best practice.
“Defense in depth goes back to a military strategy that has multiple lines of defense,” Bryant explained. “The concept is that there is a multi-layered approach. So, if attackers penetrate one layer, there is another layer that will block them.” n
Business Critical Data – This is data identified as vital to the on-going operational success of our organization. We need to protect and proactively manage business critical data.Redundant, Obsolete And Trivial (Rot) Data – This is data identified as Redundant, or duplicate, data, Obsolete, no longer having business value, and Trivial data with little or no business value for us. We need to proactively minimize ROT data by securely deleting it on a regular basis.Dark Data – This is data whose value has not yet been identified. It may include vital business critical data as well as useless ROT data. Either way, it consumes resources. We need to explore and assign dark data, as either ROT or business critical data, as soon as practical.
Overview Ransomware People Process Detection Recovery & Impact Call to action
Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware 6
Detection
Electronic data is growing at an unprecedented rate in the healthcare industry.
An overwhelming amount of data that organizations hold on to, however, has no legal, regulatory or business value. In fact, 69 percent of an organization’s stored information is redundant, outdated or trivial, according to the Compliance, Governance Oversight Council.1
With manually separating critical data from useless data a time-consuming and ultimately fruitless exercise, organizations must start leveraging technologies that enable them to support better information governance programs.
Technology: driving strategic data management
“In healthcare, more data equals more risk,” Bryant said. “However, healthcare organizations are afraid to delete things because they don’t know the difference between an MP3 music file and a file with drug treatment protocols. They need to be able to identify the data that is critical to patient care.”
Information governance technologies can help healthcare organizations practice “defensible deletion.” These tools can also help to identify unnecessary privileged access, recognize who is accessing data (and when, where and why they are accessing it), and identify and archive useless data from primary storage. Most importantly, such technology can identify protected health information (PHI) and then safeguard this data by moving it to an
appropriate storage area or encrypting it.“With these tools, organizations can finally
understand the difference between the data that is needed to drive the organization forward and the data that is no longer needed,” Carter said. “And, they can start to strategically manage data instead of just building more storage space.” nREFERENCE1. Compliance, Governance and Oversight Council (CGOC).
Information Governance Benchmark Report in Global 1000 Companies, October 2011.
Data Loss Prevention
Click here for more information.
NIST Cyber Security Framework
Click here for more information.
Veritas Data Insight
Click here for more information.
Overview Ransomware People Process Detection Recovery & Impact Call to action
Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware 7
Recovery & Impact
While healthcare organizations must do everything in their power to protect themselves
from ransomware attacks, they also must prepare for the worst.
“Many healthcare organizations don’t have a simplified, automated and predictable disaster recovery strategy. The identification of what is truly critical data and the proper way to recover is at times not clear or tested,” Carter said. “So, they wind up having to pay a ransom and do a press release about the attack. That breaks my heart because it sends the wrong message and could prompt more hackers to target healthcare.”
Healthcare organizations need an enterprise backup and recovery solution
Leveraging technology to recoverthat will ensure that all data and applications are replicated – not just backed up – and everything is stored safely at a reliable recovery site.
“These solutions make it possible to recover the data to the time previous to the ransomware attack,” Carter said. “Point-in-time backup ensures that organizations won’t lose many months’ worth of data.”
To add an extra layer of security, “healthcare organizations should deploy backup appliances that have security in the boxes themselves so they can’t be compromised,” according to Carter. “You can have a ransomware attack in the organization, but it won’t affect backups if you are using one that has embedded security,” he added.
Perhaps most important, organizations need to test their backup plans and technologies before disasters strike.
“It all means nothing if organizations don’t conduct simulations and testing,” Carter said. “If organizations just put recovery policies and technologies in place and assume everything is OK,
NetBackup Converged Platform
Click here for more information.
InfoScale Storage Flashsnap functionality
Click here for more information.
they are likely to fail. There is always a possibility that something has been missed. So, testing is critical.” n
Overview Ransomware People Process Detection Recovery & Impact Call to action
Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware 8
Call to action
© 2016 Veritas Technologies LLC. All rights reserved. Veritas and the Veritas Logo are trademarks or registered trademarks of Veritas Technologies or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
Healthcare organizations are being held ransom – like never before.
As cybercriminals become more sophisticated and leverage advanced tools, more healthcare organizations are becoming the victims of increasingly malicious ransomware attacks.
While some of the initial victims succumbed to their attackers’ demands – and wound up paying ransoms to regain access to their computer systems – it’s time to fight back. To protect themselves, healthcare organizations need to reduce risk by mounting comprehensive
A comprehensive defenseinformation governance initiatives and implementing sophisticated, comprehensive security programs that delineate how people, processes and technology can be used to steadfastly
The Data Cure: Information Management in the Healthcare Sector
Click here for more information.
guard against and quickly recover from ransomware attacks. Only then will organizations be able to provide patient care without unnecessary and disastrous interruptions. n
To learn more about how healthcare organizations can better protect valuable patient data in this era of cybercrime, go to www.veritas.com/solution/healthcare.