Ransomware has become a major issue at health care organizations. There were 11 healthcare breaches of more than 1 million records in 2022, and an additional 14 data breaches of more than 500,000 records, reports the HIPAA Journal. The majority of the breaches involved ransomware or attempted extortion.
Healthcare security pros understand the risks, but many struggle shifting their organizations to implement enough data protection. The reasons vary, but relate to a focus on digital transformation and HIPAA compliance versus implementing a ransomware defense.
A ransomware incident costs around $10 million, plus additional fines because of more aggressive regulations, so healthcare organizations can no longer afford to overlook data protection.
Here are four recommendations from HitachiVantara to help healthcare organizations improve data protection:
1. Establish central management. Establish a central management system that reaches across a hybrid cloud and lets organizations set up storage, analyze the data inside that storage, automate processes, and have enterprise data protection. This view of the data storage delivers visibility without having incurred a massive investment in extract, transform and load (ETL). Hitachi Ops Center helps organizations understand the characteristics of their data storage at the fundamental hardware level. It’s the foundation for developing the ability to identify unexpected I/O patterns that are potentially the signs of ransomware.
2. Orchestrate data replication. Organizations must make the most efficient backup copy of their data, using the smallest footprint and keeping recovery time down. Hitachi Ops Center Protector executes backups using block-level snapshots to improve resiliency. The system creates blocks at any increment of minutes, hours, days, or weeks. But importantly, the snapshots are tiny, making recovery very fast, and blocks can only get reassembled by a Hitachi Vantara system that knows the correct order of blocks.
3. Reduce the attack surface. Hitachi Virtual Storage Platform arrays hide or veil the size of logical devices from attackers. This works in concert with the fewest possible snapshots to protect vital data as multiple backup copies increase the visible surface area for attackers to exploit. Additionally, protection at the storage level hides and protects the organization’s mitigation strategy from threat actors, increasing the chances of successful data recovery.
4. Turn on immutable storage. Immutable storage sets a timed lock on the data, and until that clock runs out, it’s not possible to alter or delete that data. With Hitachi Vantara storage arrays, the timer, using the data retention utility, gets set by the customer based on need. Once set, an administrator cannot change the timer. Instead, the company must open a support ticket with Hitachi Vantara. Approvals are then logged from multiple people from the company before the organization dispatches an engineer to make changes on-site.
By following these tips, healthcare organizations can implement a more automated data infrastructure, one that will frustrate ransomware attackers and foster rapid, reliable recovery.