Cybercrime is ramping up, Russia is primed to attack: What can CISOs and CIOs do?
Photo: CloudWave
Cyber and ransomware attacks on hospitals will increase and become more sophisticated, most healthcare cybersecurity experts contend. With President Biden warning just yesterday that private-sector organizations should be prepared for Russian cyberattacks as part of the country's unprovoked war with Ukraine, the situation could only get worse.
In healthcare, many other issues are making cybersecurity more challenging: chronic staffing shortages, an increase in remote work and rising complexity in maintaining the day-to-day cadence of IT operations.
Then there is the need for immutable back-ups. In cases of ransomware, too often the existing backups are infected along with the primary production environment. An immutable backup is essentially a standalone copy with separate security that is locked to prohibit edits. Hospital insurers may begin to require immutable backups, similar to the way multifactor authentication became a mandate.
On another front, healthcare has primarily invested in reactive security technologies. As the frequency of attacks becomes increasingly high, hospitals may need to consider moving away from the reactionary period in the market. Executives may need to proactively implement new technologies to help mitigate attacks.
Healthcare IT News sat down with Erik Littlejohn, CEO of CloudWave, to discuss these cybersecurity issues as well as cloud security issues.
Q. How will healthcare staffing shortages contribute to cyber and ransomware attacks on hospitals increasing this year, and potentially becoming more successful?
A. Chronic staffing shortages and remote work are increasing security challenges. Many hospitals have not heavily invested in advanced software and security tools, requiring a lot of manual processes and physical eyes on threats. Add the Great Resignation and the scarcity of local IT talent, and you have a recipe for disaster.
Healthcare staffing shortages have resulted in a growing number of hospitals using outside agencies to bring in temporary staff, which opens IT systems up to human vulnerabilities. Additionally, most workflows have transitioned to self-service online tools with remote connectivity.
Increased turnover also means having to onboard and off-board more frequently, requiring heightened diligence for security practices. Each individual needs to be aware of their impact. Many hospitals have IT resources that are single-threaded and hard to replace. There may not be skill sets available in the geographic location where they are needed. The reality is that healthcare is competing with other industries and companies that allow for remote work.
These factors and many more are contributing to increasing cyber and ransomware attacks on hospitals in 2022.
Q. What is an immutable back-up and how can it help with cyberattacks?
A. An immutable backup is an extra standalone copy with its own distinct security protocols, locked to prevent encryption, edits and deletes. It adds "air gapping," meaning the protected extra copy is separated from the rest of the data storage and IT environment, and particularly from the domain structure, for an extra layer of insurance.
Health IT administrators were previously concerned with hardening copy one and it was acceptable if copy two was just "OK." In today's environment, where data is both growing exponentially in volume and more critical than ever to powering healthcare, a solid third option is needed that is restorable and clean.
In addition, we're seeing malicious actors specifically targeting backup infrastructure in their attacks, because they know a valid backup is the best way to foil their plans to disrupt operations and extort ransom. Immutable backups provide a solution to these challenges.
Therefore, if a catastrophic event occurs, where a healthcare organization's primary and secondary data centers are corrupted, this third copy – the immutable backup – can be restored much more quickly than working around corrupted primary and secondary copies.
This becomes a critical element in recovering from a ransomware attack as the restoration of the immutable backup is done without needing to pay the ransom. Therefore, we are seeing more and more hospitals and their insurers require immutable backups.
Q. You suggest that healthcare provider organizations must move from reactive to proactive technology investments. Please explain.
A. As the frequency of attacks is becoming so high, many hospitals are moving away from the reactionary period. Executives now need to proactively implement new technologies to help mitigate attacks and keep up with evolving threats.
For example, new solutions use AI to be more predictive and are faster to respond to emerging threats. Modern security technologies can also help offset staffing shortages, and flag what is important to focus on as the current frequency of incidents and alerts can create a lot of "noise."
With a highly remote workforce, the problem is significantly more complex, as there are hundreds of locations and personal networks involved, rather than just the "four walls" of a hospital environment.
Older investments are simply no longer cutting it. For example, shutting off access after multiple password attempts is not effective, because bad actors are not trying to figure out what the password is. They already have it. It's like buying a new lock when the cybercriminals have the key.
Another trend that is driving hospitals to be more proactive in technology investments, particularly related to security, is that insurance companies are taking a deeper look at process and procedure.
Q. Many hospital CIOs are determining the post-pandemic operating model and looking at how cloud technology can help manage that. What does this mean for cybersecurity and cyberattacks?
A. The cloud brings cybersecurity advancements that individual hospitals may not be able to invest in independently. This scalability of the cloud is an important benefit.
The pandemic broadly taught us that the just-in-time world was too fine-tuned. Today and in the future, many industries will need "burst" capacity, regardless of supply chain. If something on the scale of the COVID-19 pandemic were to happen again – where increased capacity of remote connectivity becomes critical – successful organizations will be expected to adapt on the fly.
Most of us didn't value and think about IT flexibility that much in the past. However, organizations simply need more flexibility to deal with the nature of the world today.
They must prepare for future resiliency, and plan ahead for network capacity, bandwidth, hardening assets and critical resources, because everyone is going to be chasing the same things. The cloud helps provide scalability and flexibility.
Resiliency used to mean hardening, but now it means more flexibility. Prolonged workflows on backup – like paper and pen – are not going to work. Healthcare IT leaders need to focus on speed and agility to recover and restore normal operations, and the cloud is a huge asset for enabling that.
Another area to focus on in the future is the IT supply chain. It's important to evaluate potential vendors and products for vulnerabilities. An example of this is the recent SolarWinds event. Supply chain risks and third-party risk-management are big topics to address across the board in the coming years.
Twitter: @SiwickiHealthIT
Email the writer: bsiwicki@himss.org
Healthcare IT News is a HIMSS Media publication.