How the cyber threat will modernise healthcare IT in 2020
March 2020 by Mick Bradley, VP EMEA at Arcserve
It was only a few years ago when all the major media channels were full of breaking news of the WannaCry ransomware attack, which led to turmoil for the NHS and most importantly, the recovery of patients. Since then, we’ve witnessed a succession of high-profile attacks on public and third sector organisations. Understandably, this has kickstarted evolving attitudes towards cybersecurity in the health sector.
Despite this, ransomware attacks are still happening globally and continue to hit the national headlines. In the healthcare sector, specifically, ransomware is continuing to disrupt operations at an alarming rate. In response to this, the last few years have seen healthcare organisations adopt cloud services, revisit data security policies and invest in new security systems. But it has all failed to hinder today’s sophisticated cybercriminals, who are always looking for vulnerabilities while IT managers play catch up.
Prevention is better than cure
You’ll see in most health and social care government policies that prevention is better than cure. We often see television adverts filled with healthcare campaigns from the flu jabs to stop smoking initiatives, in hopes of preventing health problems from happening in the first place. However, what we’re now witnessing is an overdue development in healthcare IT security when it comes to preventing an outage or an attack. Unlike modern healthcare medication and treatment, cybersecurity, backup and disaster recovery plans are still lagging. With cyberattacks becoming more sophisticated, healthcare providers have no choice but to immune themselves from attacks and downtime. If not, they risk mirroring the events of the well-documented attacks in the United States, Australia, France and the United Kingdom, such as WannaCry, Ryuk and SamSam. Also, it’s not only the attackers we have to worry about, but also network issues which wreak just as much havoc.
Modern security for modern healthcare
In 2020, healthcare organisations need to take a modern approach to their IT needs. The healthcare industry has adopted modern healthcare equipment and has improved its services by going digital to keep up with the requirements of patients, doctors and nurses. This digital transformation that most providers are navigating has introduced greater cyber-risk that must be mitigated. It’s essential for healthcare IT teams to analyse and implement ways of preventing and detecting cyberattacks against their organisation to ensure the security and safety of patients and their data.
It’s inevitable, with any organisation, that network issues and outages will arise but imagine patients having to be rescheduled for critical surgeries due to outages? This is precisely what happened a few months ago. Torbay and South Devon NHS Foundation Trust’s suffered an outage, across all its six hospitals, which delayed surgeries and outpatient appointments. Even when systems were up and running, there was still a period of recovery which impacted the hospitals and patients over the coming days.
It’s clear that NHS Trusts are yet to invest in the right technologies and are left dealing with the long-lasting and devastating aftereffects of cyberattacks from financial loss to reputational damage. We also know the healthcare sector is under increasing pressure with more and more patients, understaffed departments and the increase in regulatory compliance.
To overcome these challenges, firstly, they’ll need to turn to solutions that can proactively protect them from ransomware, as opposed to recovering from every attack, rather than leaning on conventional backup which relies on recovery time and point objectives (RTOs/RPOs). To do this, they’ll need to take a two-pronged approach to data protection by combining cybersecurity, backup and disaster recovery (BCDR).
They need to invest in solutions that incorporate end-to-end security, that can detect malware and automatically take care of the threat in real-time by using artificial intelligence (AI). Implementing advanced threat detection will allow healthcare organisations to be sure that they’re able to respond to attacks as quickly as possible. Incorporating this with a backup and disaster recovery plan adds an extra layer to data protection so that backup data can be resilient against the most advanced threats.
Also, combining this with the continuous availability of data and automatic failover means IT systems can automatically go back to a point in time before the attack and access error-free data, without needing to restore manually from ransomware attacks or data loss events. Embracing the benefits of high availability will allow healthcare providers to reap the benefits of healthcare innovation and meet data protection regulations, without leaving themselves vulnerable as they can ensure that critical data can always be accessed. Time is of the essence in healthcare, and with many variables at play, hospitals will be left with no choice but to streamline their services. With more and more data needing protection and patient data privacy a critical concern, doctors and nurses sole focus must be on their day job, rather than dealing with the aftermath of a ransomware attack or outage.