Mitigating the Data-Driven Burden of Unstructured EHR in the Age of Ransomware


Last year, ransomware attacks affected more than 600 distinct hospitals, clinics, and healthcare organizations. Threat assessments around unstructured electronic health records (EHR) need to include both prevention and recovery options, as well as evaluation of prevalent technologies such as immutably architected global file systems, to reduce or even eliminate data vulnerability, explains Glen Shok, VP of strategic alliances, Panzura.

In a concerted effort to exploit weaknesses in healthcare infrastructure, cybercriminals are targeting hospitals and other patient care organizations with ransomware. The pandemic opened a pathway for both state-sponsored and rogue actors, with confirmed data breaches among healthcare delivery organizations increasing by 58% last year alone.

Experts have confirmed that only a small fraction of the actual attacks that have hit hospitals and healthcare systems in the U.S. have been publicly reported in the media. They often involve complete shutdown of vital systems that support access, management and storage of EHR with spillover effects across other clinical and operational services.

Data Recovery in the Equation

Patient care leaders are becoming more adept at early detection of ransomware and other malware variants with strategies to shut down attacks and reduce the damage. These incidents are not brute-force, and changing behavior by trying to educate end users and increase awareness about phishing and securing personal devices is the hardest part.

Despite the sense of crisis, since no defensive posture is unassailable, recovery is now a practical—and essential—part of the threat equation. Disaster response planning should make data restoration commensurate with the criticality of these resources. An hour of downtime for certain workflows, for example, can easily represent the threshold at which clinical and patient outcomes become dangerously hampered.

Hospitals and healthcare systems often have adequate backup processes set up for structured data like database files. Unstructured data is a different story, with legacy backup strategies typically leaving this information exceptionally vulnerable.

Unstructured files include medical imaging files from devices, as well as biosignal data from operating rooms or intensive care units and wearable health monitoring devices. 

Audio data produced pathophysiologically from patients and medical staff for use in clinical procedures are also unstructured. In fact, nearly 80% of electronic health records are unstructured, and the expanding cost of storage for these file types is compounded by their exponential proliferation in healthcare settings.


Unstructured data is particularly challenging to manage, not least because of its rapidly growing volume, varying file size, and multitude of sources. Due to the sheer volume of data and the size of individual files, running full backups is a lengthy process and restoration is both time-consuming and error-prone. While incremental backup processes allow more granularity than traditional once-daily backups, both require replication of files. Achieving an acceptable level of file durability requires replicating files several times, compounding the pressure on storage and requiring additional outlay on infrastructure and maintenance.

Hospitals and related organizations have found relief in global file systems. Engineered to replace legacy storage with a single, unified file system that works across multiple cloud or on-premises configurations, these systems were not necessarily designed with ransomware top-of-mind but actually offer increasingly important recovery options by virtue of underlying architecture.

For example, a global file system saved at least one hospital from a recent unpublicized ransomware incident. The hospital had deployed the system through healthcare cloud-solutions specialist Datatility for management of unstructured data, which is typically siloed in disparate public and private clouds. Immutable techniques in writing to object stores, meant to speed up access to files across geographically dispersed locations and cross-functional clinical teams, in fact made data impervious to encryption.

This is because the ransomware instead generated data that was written to cloud storage as completely new objects. In this case, we prevented the attack from impacting any of the data stored within it and the hospital escaped without paying a ransom or exposing sensitive information. This goes to the heart of the data protection environment, negating ransomware tactics where shutting down operations and making backup data useless is the goal. 
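The recovery property described above can be shown with a small model. This is an added example, not code from the article or from any vendor's product; the `WriteOnceStore` class, its content-addressed layout, and the sample files are assumptions made for illustration. It shows that a mass overwrite through the file interface only adds new objects, so restoring an earlier snapshot brings back the original data.

```python
import hashlib

class WriteOnceStore:
    """Hypothetical model: objects are never modified or deleted once written."""

    def __init__(self):
        self._objects = {}    # object id (SHA-256 hex) -> bytes, write-once
        self._live = {}       # path -> object id (the current file view)
        self._snapshots = []  # frozen copies of the path -> object id map

    def write(self, path, data):
        oid = hashlib.sha256(data).hexdigest()
        self._objects.setdefault(oid, data)  # identical content is stored once
        self._live[path] = oid               # an "overwrite" only moves the pointer
        return oid

    def read(self, path):
        return self._objects[self._live[path]]

    def snapshot(self):
        self._snapshots.append(dict(self._live))
        return len(self._snapshots) - 1

    def restore(self, snap_id):
        self._live = dict(self._snapshots[snap_id])

    def object_count(self):
        return len(self._objects)


def demo():
    store = WriteOnceStore()
    # Constructed sample files; two of them hold identical bytes.
    files = {
        "imaging/ct-0001.dcm": b"constructed CT study bytes",
        "imaging/ct-0001-copy.dcm": b"constructed CT study bytes",
        "icu/ecg-0001.dat": b"constructed biosignal bytes",
    }
    for path, data in files.items():
        store.write(path, data)
    objects_before = store.object_count()
    snap = store.snapshot()

    # Stand-in for a mass overwrite: every path receives unreadable bytes.
    for path in files:
        store.write(path, b"unreadable:" + hashlib.sha256(path.encode()).digest())
    damaged = sum(store.read(p) != d for p, d in files.items())
    objects_after = store.object_count()

    # Recovery is a pointer change back to the snapshot, not a bulk copy.
    store.restore(snap)
    recovered = all(store.read(p) == d for p, d in files.items())
    return objects_before, objects_after, damaged, recovered
```

In this model, a sudden jump in new objects relative to the number of paths touched is also a usable detection signal for a mass overwrite.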


Unstructured Data in Healthcare Settings

In terms of core data storage requirements, global file systems offer other advantages as well for digitized healthcare environments. They can make data more accessible and available for analysis by cloud-based machine-learning and AI analytics while remaining in compliance with HIPAA and other privacy mandates. Shifts to value-based care along with onerous reporting requirements make recovery of the full unstructured datasets used in analysis as important as trying to shield it from attack.

Global file systems are also used to archive and store data and files quickly and at big-data scale. Healthcare institutions use these systems for archiving on-site and off-site medical image files, for instance, where the increasing costs of storage are compounded by ever-increasing data growth in healthcare settings. In some cases global file systems, which are often used by these organizations as a NAS replacement, have the capability to eliminate or significantly reduce this type of data bloat along with incumbent performance issues.

One way this is achieved is through edge caching and data-locking approaches that accelerate I/O while deduping and compressing files. Systems of this kind are meant to optimize workloads at the application layer so practitioners in clinical environments can more easily collaborate and work with files both cross-functionally and at the point of care.

In addition to these cloud-derived collaboration and access requirements, legacy storage and file services vendors did not anticipate ransomware and malware. The result is that they do not meet the cloud-native needs of most modern hospital information systems. Data in dark and unstructured formats contained within these outdated big-data repositories is not only ripe for malicious exploitation, but also generally ignored or abandoned along with the prospect of better coordinated and managed care.

The threat of a data breach has traditionally focused healthcare IT resources on stopping attacks in the first place. Secure custody of data is a particular concern when regulators come knocking on the door of the CISO or IT department. Ransomware has changed the rules of the game because the bad guys are no longer stealing data, but making it impossible to access it altogether. Locking systems down only makes the problem worse.

The continuously evolving attack surface in hospitals, medical centers and healthcare systems requires that we address the ransomware crisis differently. Threat assessments need to include an evaluation of both prevention and recovery options, as well as the value of pervasive solutions and services such as global file systems. Meeting this challenge will undoubtedly uncover better ways to preserve clinical information contained in unstructured EHR, as well as ways to tap its full potential for better patient management and medical outcomes.
