The COVID 19 pandemic has magnified cyber attacks on healthcare institutions. Huzefa Motiwala, Senior Director, Sales Engineering, Commvault in an interview with Viveka Roychowdhury explains what healthcare institutions should do to protect health data
The COVID-19 pandemic has seen WFH increasing but also hacking into teleconferencing apps like Zoom. Have there been cases of healthcare institutions being victims of data theft hacking during these times? Kindly share details
With patient data being so plentiful and abound across the globe, the threat of malicious activity has never been greater on the healthcare domain. As data volumes continue to grow tremendously, keeping everything under control has become almost impossible for many healthcare institutions, leaving them ill-equipped to recover critical information in a timely manner.
COVID-19 has evidently magnified the ransomware threat on the healthcare sector to manifolds. In fact, Google threat analytics group has also recently reported that healthcare organisations, public healthcare agencies, and the individuals who work there are becoming new targets for cybercriminals as a result of the pandemic.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
Cyber attackers are becoming more notorious and are unabashedly targeting governments, healthcare bodies and healthcare professionals alike. World Health Organization (WHO) has recently revealed a fivefold increase in the number of cyberattacks directed at its staff, since the start of the pandemic. In India, Kerala government’s e-health portal faced a similar data theft attempt in the month of April.
Ransomware is no longer just a cyber threat; it has become one of the biggest security nightmares for businesses and economies ever. It comes as no surprise that authorities including, WHO, FBI, Interpol, and United Nations have issued ransomware warnings across the globe, specifically aimed at healthcare institutions.
After a ransomware attack, tensions are high, and the hospital is on the clock to make a decision. Saying it is not the best time to make an optimal decision is a huge understatement. Only by addressing the issue in advance, can healthcare bodies rationally think through both scenarios so they can quickly make the right call during an attack. Ultimately, data is your worst foe but also your best friend. If the healthcare system can ensure that there is a daily data backup stored off-site, it can immensely increase the likelihood of recovering critical patient data without paying.
While other sectors have invested in securing their data, have hospitals kept pace globally and in India? If no, why not?
In 2017, Commvault, in partnership with HIMSS Analytics, conducted a study which revealed that less than half (48 per cent) of surveyed Healthcare IT professionals expressed confidence in their organisation’s overall level of cybersecurity, with only 37 per cent claiming to be using cutting edge technology. Unfortunately, the situation has worsened since then, with data breaches costing the healthcare industry a whopping $4 Billion in 2019 alone.
As we continue the struggle amidst COVID-19, there are three fundamental truths regarding healthcare data – it is growing, it is siloed, and it is under attack. As seen by the recent spike in ransomware attacks targeting healthcare organisations in India and the rest of the world, the security of patient information is at constant risk. Apart from the immediate impact of a data breach (downtime, data restoration, potential ransom payment), healthcare entities are at risk of damaging their operations by losing the confidence of their customers.
While none of the industry has seen significant use-cases of digital technologies and growth like healthcare, their digital readiness is far from ideal. On one hand, innovative technologies such as cloud computing, artificial intelligence and machine learning are dramatically changing the way patient care is delivered, on the other hand, it is also creating a deluge of data – data that has to be accessed in new ways and protected to secure privacy and protect quality.
Unfortunately, health systems’ focus on patient care continues to outpace investments in cutting-edge IT. Combine that with ongoing reliance on legacy IT systems and the high value of patient data on the black market – and the result is a prime target for hackers.
Moreover, multiple forces – including growing mission-critical data volumes, stricter regulatory requirements, high-costing legacy picture archiving and communication systems (PACs), increasing industry consolidation and shrinking IT budgets – are further increasing the complexities, along with a lower downtime tolerance.
Addressing the negative impacts of a disjointed approach to data management ultimately comes down to implementing a unified approach to data management – that delivers the security healthcare organisations require, plus the infrastructure that scales easily and cost-effectively to keep the critical applications and database environments protected.
How are medical institutions more vulnerable to ransomware and cyberattacks?
Healthcare industry has always been a favourite among cybercriminals. Who doesn’t remember the infamous WannaCry ransomware and how it cost UK’s National Health Service (NHS) a massive £92million monetary losses due to downtime? With the global healthcare market standing at a whopping $11.9 Trillion, it is a very lucrative choice for cybercriminals to ignore.
Though it’s only been just a few months since the devastating COVID19 pandemic swept the globe, the virus has inadvertently fuelled the ever-present danger posed by cybercriminals and the increasingly sophisticated tools and methods they employ.
The healthcare sector has been hit particularly hard, where stories are emerging from actual patients and caregivers who had been directly impacted by the attack: fake contact tracing apps, postponed COVID-19 treatments, delayed medication administration, hindered medicine research and so much more.
Clearly the industries that are investing the most, are those that are less negatively affected by COVID-19, such as healthcare. But it’s actually these verticals that are often the least progressed in their digital transformation journey. As the World Health Organization (WHO) is currently experiencing, cyber attackers will forever be one step ahead of threat detection software. In fact, a recent report by Microsoft highlights that cybercriminals are capitalizing on people’s fear to carry out more COVID-19 themed cyber-attacks.
As there is no surefire way to prevent vulnerability to cyberattacks (“it’s not if, but when, you will become a victim”), data backup and management play a critical role in an overall cybersecurity defence strategy. Ultimately, the best insurance plan against ransomware is a centrally managed backup solution that prevents the infection from entering backed up files, ensuring these can be recovered in a crisis. As the healthcare industry continues to fight off cyber criminals while it battles worldwide spread of COVID-19, this is a good lesson for all organisations to get their data protection strategy in place, before the disaster strikes.
Source: Express Healthcare