By now, most healthcare leaders know that their sector is a top target for ransomware. According to a recent report from HIPAA Journal: “There were 11 reported healthcare data breaches of more than 1 million records in 2022 and a further 14 data breaches of over 500,000 records.”
The report adds that the “majority of those breaches were hacking incidents, many of which involved ransomware or attempted extortion.” Even when faced with the fact that healthcare breaches are at an all-time high, healthcare organizations continue to struggle with prioritizing needed protection. The reasons can vary across organizations but primarily relate to a focus on digitization and HIPAA compliance over ransomware protection and cyber resiliency.
Over the past 10 years, healthcare organizations have embraced digital transformation across their medical technology, communications and file systems. In addition, IT has been focused on achieving HIPAA compliance to keep personal health information private. The positive result of this transformation is a vastly improved patient experience along with better information privacy protections. The negative result is a never-before-seen level of systemic complexity, often paired with piecemeal management. This scenario is what ransomware organizations find so appealing, which is why the next step for healthcare’s digital evolution must be ransomware protection and cyber resiliency.
Even though healthcare has poured financial resources into digital transformation, investment in data protection and cyber resiliency has not kept up. Budget data reflects this. While 59% of healthcare organizations increased their cybersecurity budgets in 2022, these changes are relatively small. Most of those that planned on raising their budgets planned to do so by less than 10%, and only 11% planned to increase them by 25% or more.
As a result, with the growing frequency and sophistication of ransomware and the inadequacy of things like insurance, patient privacy, outcomes and healthcare delivery priorities are increasingly being put at risk. The expense of an attack (on average $10 million), in addition to potential fines aligned to growing regulatory scrutiny, means that financial resources that would otherwise be channeled to healthcare priorities are no longer available.
Healthcare organizations can no longer afford not to fully commit planning and budget to augmenting their data protection and cyber resiliency in order to support uninterrupted patient care. Initial steps that make the biggest impact should include:
- Assess your entire data storage ecosystem, as well as all workflows, to determine which areas are most susceptible to high-impact events, and prioritize protection in those areas.
- Start building a closed-loop process, one focused not only on protection but also on detection, response and recovery, while feeding learning and intelligence back into protection to prepare for next time.
- Start to shift budget and resources in ways that go beyond compliance management in order to prioritize resilience and operational continuity.
Cyber Resiliency Solutions from Hitachi Vantara provide the fast and cost-effective protection and recovery tools needed to complement existing data protection and keep patient care constant even in the face of ransomware attacks and disasters. Designed specifically with hybrid cloud storage environments in mind, the solutions offer fully transparent SLAs that translate into guaranteed data access and cost-effectiveness. The ability to deploy either on-site or within co-locations, along with granular control of data, simplifies regulatory and compliance requirements.
Gary Lyng
Gary Lyng is Vice President, Product Solutions Marketing, Hitachi Vantara.