The healthcare sector has been at the forefront of pandemic response. Despite being a highly regulated sector, healthcare was left with no viable option but to rely on technologies such as the Cloud to serve millions in need.
By relying more on remote technologies such as telemedicine and work from home (WFH), the healthcare industry soon became a hotspot for ransomware attacks. Between the years 2019 and 2020 alone, there was a spike of 37% in reported ransomware incidents.
The actual number may be considerably higher, as most entities in general and healthcare providers in particular do not publicly declare such an incident. However, a lot is changing on the “non-disclosure” front as well.
Recently, the U.S Office of Foreign Assets Control (OFAC) issued an advisory to all entities considering paying ransom to attackers. OFAC warned of potential sanctions on such entities, making it an advisory of significant importance and implications.
There are no two opinions that the best line of defense against ransomware is employee awareness and sensitization. This does not extend merely to the healthcare provider’s IT staff, rather each functional area of the entity.
It also includes health professionals such as physicians and medical consultants that are leveraging remote technologies such as telemedicine. The other critical component of ransomware protection is having sound Disaster Recovery (DR) and continuity plans.
To justify investments in having a robust DR and BC plan in place, in the event of a ransomware incident, IT personnel will have to quantify the financial and regulatory impact of a ransomware attack and convey it to the board members for prompt approvals.
Healthcare related data and information are so sensitive that a preventive approach is the best defense mechanism. Keeping in line with the regulatory guidelines, establishing DR and BC in the Cloud could be a good proposition for the healthcare sector.