The team from BridgeHead Software joined us for one of our HTN Now Focus events this March, offering advice and insights into what healthcare organisations can do when ransomware and malware strike, as well as sharing the essential requirements of a good data protection strategy.
In this webcast, the data management experts sharing their learnings and experiences consisted of Gareth Griffiths, Executive Director & RAPid™ Product Manager, and Andrew Clark, Business Development Manager.
To introduce and breakdown the primary themes of the webcast, Andrew said: “I am going to begin by setting the scene. We’re going to look at some market trends; the consequences of not taking action; expanding the data protection conversation to look at the risk posed by legacy systems; and that’s going to followed by Gareth, who’s going to be focusing on what your back up strategy should be, six actions you should take now, and his three key takeaways. I will then conclude with a brief introduction to BridgeHead, and we will finish off by answering any questions you might have.”
A huge rise in attacks
Providing some background context on the effects of ransomware on healthcare in the here and now, Andrew commented: “There’s been a huge rise in attacks with a 500% increase since the pandemic began. There’s been a particular focus on healthcare and a spike in healthcare organisations attacked. Over 81% of these organisations have been attacked in the last 12 months alone.
“We are seeing these attacks in all different types of data across clinical, administration and corporate systems. This has led to a massive attention being paid by the NHS to identify trusts and other NHS organisations that need extra work on their data protection strategies. For example, during the last two years, around 130 cybersecurity audits have been carried out on NHS organisations. Interestingly, three common themes were identified from these audits: using a 3-2-1 data backup model, administration management and immutability, which we will discuss during this session,” Andrew explained.
Andrew then discussed how specific funding attention is being paid, across different healthcare organisations, to cyber-related backups, where he said: “The Unified Technology Fund, for example, has been used to help support the NHS to improve its data security. BridgeHead has several customers who have accessed these funding streams.”
Increase in targeting backups
On the emerging trends within malware and ransomware attacks, Andrew added: “Traditionally, malware attacks focus on the front door operating systems and production applications, however more sophisticated attacks are increasingly targeting backups.
“The consequence of this is that it removes your ‘get out of jail free card’ – no longer can you rely on backups being left untouched, and therefore your route out of a cyberattack. Very often, we see that malware lays dormant in preparation to become battle ready. Consequently, you need depth in your backups so you can roll back to the appropriate period in time before the malware infection.”
Andrew then turned his attention to the consequences of inaction when attempting to deal with a cyberattack, commenting: “When we look at the consequences of doing nothing, we can see that the increase in reliance on technology to support patient care means when systems go down – even for only a short period of time – they can have a direct impact on increasing the amount of time it takes to treat a patient – with an adverse impact on their length of stay due to delays in treatment and test results.
“Without the right patient data available at the right time, this can lead to more complicated procedures. And, unfortunately, cyberattacks have had a direct impact on increased patient mortality rates. This reinforces the message that without the right backup strategy in place, data can be hard to retrieve and restore, which can have very serious consequences, “Andrew said.
Developing a robust security strategy for healthcare
Andrew then handed over to Gareth, who offered some practical tips and advice on providing the right data backup strategy. Gareth introduced his presentation by building on Andrew’s notion that cyberattacks on healthcare organisations are increasing, where he added: “I saw a report recently that if global cybercrime was a country, it would be the third largest economy, behind only the US and China.
“Now, it is our belief that this growth is unsustainable, and that we do have the tools to make it unprofitable – but until we use them, cyber-attacks will continue to grow. Of course, ransomware is only one aspect of cybercrime, but it is the one that keeps us awake at night. So, we have to assume your systems may get infected. Although you will do your best to avoid, it’s likely to be a case of when not if.”
Completely disregarding the notion of giving in to ransomware and paying, Gareth discussed the correct and safest way to recover quickly from a cyber-attack, as well as the difficulties in implementing a good backup strategy, in which he added, “In order to recover you must have good backups – yeah, obvious. But that’s actually one of my first concerns.
“Making the backups ‘good’ is really important – resolving any reasons as to why a backup failed should be urgent. But so often resolving backup issues has to compete with other priorities. How many of us have a dedicated backup team these days? Backups are generally automated and are set to run to a schedule. But I can tell you that nothing shows up issues in your infrastructure as well as backups.”
“Backups copy large amounts of data as quickly as possible, so any parts of the systems or network that have issues under load is readily exposed by backups,” Gareth explained.
The problem with frequently rerunning and resolving backups, Gareth commented, is “it’s generally less urgent than dealing with an application that’s down or unavailable due to the impact on patient care. But the danger is that all too often backup issues get deferred. Because nothing bad happens immediately when a backup fails, all too often sorting it out gets pushed back – until of course one day disaster strikes.”
Turning strategy into action
Moving on to the action healthcare organisations should now take to protect against cyberattacks, Gareth said: “keep your software up to date. New vulnerabilities are being uncovered all the time and you can be sure that the bad actors are keeping up to date with new discoveries.” When Gareth talks about keeping software up to date, he is referring to all of your software applications, “as some might include embedded software – like the recent Log4J vulnerability that was found in most software written in Java.”
“It also means”, he continued, “keeping your backup software up to date because that’s just like any other application: built using standard tools and libraries, which have to be up to date.”
Sharing his key messages to take away in protecting and recovering from cyberattacks, Gareth said: “If you take nothing else from this presentation remember these three points: One, 3-2-1 is good but it’s not enough, we need depth; two, protect the backups with air gaps and immutability; three, practice doing disaster recovery tests until you can do them quickly and smoothly – don’t be forced to pay the ransom.”
To conclude the webinar, Gareth handed over to Andrew, who said: “In the UK, BridgeHead supports many healthcare organisations across the NHS and the private health care sector. We have had several customers who have experienced cyber-attacks – reinforcing Gareth’s point that ‘it’s not if but when you will be attacked’. In one instance, a customer was hit and because they were using BridgeHead, they were quickly able to restore their data from their backups.”