Is your medical practice a perfect target for ransomware?
Reading, 17 January 2020 – Since the early 2000s, medical professionals have increasingly been choosing electronic patient records over paper.
Although digital records are certainly easier to access and harder to lose or destroy, they are by no means immune to disaster – and organisations have more to worry about than just fires and floods.
The threat of ransomware is on the rise, and medical practices are a favourite and frequently soft target. The global healthcare industry lost an estimated $25 billion as a result of ransomware in 2019, as calculated by the Cyber Risk Management (CyRiM) project at Nanyang Technological University in Singapore.
Ransomware on the rampage
Reports by the HIPAA Journal show that most major healthcare data breaches in the US now result from ransomware attacks.
In September 2019, the single largest breach potentially compromised over half-a-million health records. The biggest breach was a ransomware attack on the Betty Jean Kerr People’s Health Centres. The organisation decided not to pay the ransom, but was unable to recover data that had not been backed up.
A ransomware attack on a medical centre in California was so severe that it had to close its doors last December. Attackers locked the practice’s system containing patient records, making them unrecoverable.
According to the HIPAA, the breach “highlights just how important it is to ensure that a viable backup copy of all data is created, that the backup is tested to make sure data recovery is possible, and that at least one backup copy is stored on a non-networked device”.
At the end of 2018, for example, Ferguson Medical Group was hit with a ransomware attack. They did not pay the ransom and while they were able to recover most of their data from backups, they still lost three months of files and documents. This could have been prevented with up-to-date backups.
UK worst hit
The UK was the region worst hit by ransomware in the first half of 2019, with attacks rising by 195% compared to 2018, as reported by SonicWall.
More recently, in November 2019, the staff at a large hospital in Rouen, France had to resort to using pens and paper after a ransomware attack put 6,000 computers out of commission. Ransomware is real, and can unexpectedly cripple any enterprise that is not prepared for it.
A press release issued by Australia’s Department of Premier and Cabinet after a ransomware incident shows how damaging such an attack can be to daily operations – and to an organisation’s reputation.
It stated: “This isolation has led to the shutdown of some patient record, booking and management systems, which may impact on patient contact and scheduling. The affected hospitals may need to reschedule services where they don’t have computer access to patient histories, charts, images and other information.”
Protecting your practice
Ransomware criminals rely on the value files hold for you to coerce you into paying a ransom.
Cyber-criminals typically target backups, leaving your on-prem backup server susceptible to a ransomware attack. With Redstor, your backups are isolated from the production environment and data is encrypted during transfer and at rest.
If you have up-to-date backups and the ability to restore them instantly, cyber attackers cannot hold your practice hostage.
With Redstor, you can backup as often as you want, then customise granular retention to reduce your number of backups over time without losing any data.
When disaster strikes, whether natural or orchestrated, our trademarked InstantData technology allows you to regain access immediately to your backed-up files on a new physical or virtual machine.
See our success stories to learn how Redstor has helped practices like CVS Group and Teva Veterinary Clinic.