


Ransomware Attacks Spotlight the Need for Secure Cloud EHR/PM Systems

By: Tristan Schleining | May 28th, 2021


We’ve had a lot of articles about ransomware on this blog over the years, and for good reason. For roughly a half decade, healthcare organizations have been (and will likely continue to be) irresistible targets for cybergangs looking to carry out ransomware attacks. Case in point, just look at the recent May 1st attack on Scripps Health, which has left their computer network and related applications down for nearly a month (as of the writing of this article, a large portion of their systems were still down).

Readers who have been keeping up with the news lately are probably also aware of the recent ransomware attack on the Colonial Pipeline that brought operations to a halt and briefly sent gas prices soaring due to a sudden surge in panic buying at the pump (and ultimately cost them $4.4 million in Bitcoin to pay the ransom that would get them back online).

As we’ve mentioned before on this blog, we were a bit premature when we talked about the “Ransomware Explosion” back in 2016. If the last five years have shown us anything, it’s that the so-called “Ransomware Explosion” was not an explosion at all, but actually just the start of a long-term string of attacks that have only grown more widespread and sophisticated over time. Considering the amount of ransomware activity already seen this year, coupled with the fact that ransomware’s frequency usually seems to peak around the month of October, it looks like 2021 could be the worst year yet for ransomware attacks.

In this blog, we will take a look at the continuing threat of ransomware attacks in healthcare, as well as how the use of secure cloud-based EHR systems can minimize the risks associated with them.

Healthcare Remains a Big Ransomware Target

Attacks on healthcare have not leveled off over the years, as one might expect. It appears we have yet to hit a peak for such attacks, as the healthcare industry just experienced a 45 percent increase in cyberattacks in 2020. And the success rate for such attacks is scary high, with 86 percent of organizations suffering from a successful cyberattack in 2020. Not surprisingly, the bulk of these attacks were carried out using the delivery of malware and/or ransomware.


This longstanding string of ransomware attacks has not escaped the attention of industry organizations or federal law enforcement. Just recently, the American Hospital Association (AHA) urged the U.S. government to take a more proactive "fight on terrorism" approach to ransomware. They want federal law enforcement to start doing more to combat the threat than simply posting warnings, as the FBI did recently to warn the public against the new Conti ransomware variant. For the time being, however, it looks like practices are still very much on their own in dealing with ransomware attacks. That being said, there are proactive initiatives you can take to protect your business.

A Secure Cloud Environment Offers More Protection & Lessens Security Burdens

While it is still highly important for practices to implement the appropriate level of cybersecurity training and maintain best practices to keep their credentials and onsite networks secure, there is another thing that can be done to minimize the risks associated with ransomware attacks: using a secure, cloud-hosted EHR and Practice Management (PM) system. Let’s take a look at why this is the case.

Ransomware is usually first uploaded to a machine (computer, device, etc.) and then spreads throughout the onsite network to which that machine is connected, infecting other machines before suddenly activating and locking them all down so they cannot be unlocked without an encryption key that only the attackers possess. To recover the now-locked onsite network and its stored data, the afflicted practice must either pay a ransom or endure weeks of acquiring new hardware (along with the associated costs) and recovering incomplete data from backups (hopefully).

With a secure cloud system, however, your EHR and PM data is not stored on your practice’s computers or onsite network. Therefore, even if you find yourself locked out of your computers or devices due to a ransomware attack, your EHR and PM data remains safely stored in a secure and separate cloud. As a result, all that is needed to recover access to said data would be to acquire an uninfected computer with a clean and secure internet connection.

Additionally, secure cloud services employ what is known as a “Shared Responsibility Model,” in which certain data security duties are the responsibility of the cloud provider. You see, in a cloud environment, your host/provider takes the bulk of the traditional data security burdens off of you and your staff by assuming a number of operational duties. In this shared responsibility model, different facets of security ownership are often clearly defined in a Shared Responsibility Model Agreement. The Shared Responsibility Model of a cloud-hosted environment makes it possible for your practice to maintain a secure data environment with far less operational overhead.

To learn how Nextech can help your practice implement an integrated, secure, cloud-based EHR and PM system, simply fill out this form and a member of our team will be in touch soon!