Defending healthcare systems against ransomware attacks [Q&A]
Ransomware attacks target industries across the board, but they're of particular concern in the healthcare sector where an attack can mean not only data is at risk but lives too.
We spoke with Amitabh Sinha, chief strategy officer and co-founder of Workspot, to discuss the productivity and patient care aspects of these attacks as well as how modern ransomware recovery strategies can help to ensure mission-critical operations can continue, even during an attack.
BN: How has the landscape of ransomware attacks evolved in recent years, and what new challenges do organizations face?
AS: Ransomware attacks have increased in both volume and sophistication to where all organizations must consider when -- not if -- a ransomware attack will occur, and how to respond as quickly as possible to mitigate the ill effects of the inevitable attack. Organizations thus face the following primary challenges:
- Point of Attack: The 'point of attack' for ransomware can be almost anywhere in an organization, but the end-user endpoint device, especially if it's running Windows, remains a particularly vulnerable target. Moving from physical Windows devices to virtual apps, browsers, desktops, and web apps should be considered.
- Zero trust security success: IT's efforts to secure a Windows PC by fully managing it have not been successful. IT needs to explore a zero trust access model, where security is delivered without having to fully trust each endpoint.
- End-User Access and Control: To minimize ransomware target scenarios, organizations need to consider not just security but fine-tuned control over end-users' operations on their virtual desktops. This entails accessing, monitoring, and determining the apps and functions users can access -- and perhaps more importantly those they should not -- including the location they’re engaging from, and the types of devices they use. Narrowing this down by use case can help shrink ransomware targets.
BN: Recently, many healthcare organizations, including Change Healthcare, have been victims of ransomware attacks. In fact, the healthcare industry was the primary victim of ransomware attacks in 2023. In what ways are ransomware attacks impacting patient care?
AS: Ransomware attacks are impacting patient care in two primary ways: IT focus and budget.
From an IT focus perspective, healthcare IT teams now spend an inordinate amount of time trying to figure out an effective ransomware protection strategy as well as a rapid response strategy in anticipation of an upcoming attack. This directly impacts organizational budgets, since more of the CSO and CIO budget funds must be directed to this area as opposed to innovation which could potentially drive greater efficiencies and ultimately improved patient outcomes.
BN: What are the most common mistakes organizations make when preparing for or responding to ransomware attacks?
AS: One of the biggest mistakes is not having a well-defined plan for how to recover, operationally, as quickly as possible after the attack occurs and limit the attack's radius in the enterprise. Organizations must develop a comprehensive strategy for swift operational recovery and containment. This includes a high-level plan for responding to ransom demands, coordinating with authorities, and determining negotiation, law enforcement, and financial strategies.
BN: What role do disaster recovery plans play in mitigating the effects of a ransomware attack?
AS: Backup and disaster recovery plans are critical for mitigating the effects of ransomware attacks, as they give organizations the best chance to quickly regain operational functionality after such an incident. For critical databases, workloads, and key IT elements, having reliable backups and a swift recovery process is essential to resume operations.
Advanced end-user computing solutions, such as cloud-native Virtual Desktop Infrastructure (VDI), play a significant role in ransomware recovery by providing pre-configured virtual desktops that are ready for use immediately after an attack. These technologies provide several capabilities including:
- Pre-configured virtual desktops: Users can access clean, functional desktops in different cloud regions, ensuring quick recovery.
- Cost efficiency: The pay-as-you-go model activates desktops only during recovery, minimizing costs under normal conditions.
- Automated user assignment: The system can automatically assign users to clean virtual desktops.
- Scalability: IT teams can plan to accommodate all users in a recovery scenario.
These solutions enhance organizations' disaster recovery strategies and help IT teams achieve rapid recovery, often within an hour of an attack, ensuring minimal downtime and continuity of business operations.
BN: What advantages do modern ransomware recovery strategies offer to the healthcare industry?
AS: In healthcare, modern ransomware recovery strategies can help assist with the most critical task, which is to keep patients under the best care to achieve the best outcomes. Tightly managing and controlling endpoint devices, deploying a multi-network, multi-region, multi-cloud approach, and including multiple forms of automatic backup to a standby network, region, or cloud can help immensely to keep critical patient care up and running even after a ransomware attack has occurred and some form of conclusion is being negotiated.