As the Risks of Ransomware Elevate, Where Are Healthcare Providers Most Vulnerable?

Published On November 25, 2020

In today's healthcare ecosystem there are seemingly infinite sources and formats of data - which is growing at a CAGR of 36%. At the same time, roughly 60% to 80% of IT budgets are tied up in maintaining legacy applications and mainframe components. In the face of these dynamics, it is extremely difficult for health IT leaders to allocate the full scale of budget and resources required to ensure their data protection infrastructure and policy keep up. In fact, today only 4% to 7% of a health system's IT budget is in cybersecurity, compared to about 15% for other sectors such as the financial industry.

Yet budget isn't the only challenge. The complexity of managing cybersecurity has exponentially grown. The pace at which cybercriminals evolve their attacks has accelerated while the sheer volume of attacks continues to climb.

Vulnerabilities in the healthcare ecosystem

With all that in mind, let's take a look at the vulnerabilities most commonly exploited in the healthcare ecosystem:

• Experts attribute healthcare's risk "to inadequate security practices, weak and shared passwords, plus vulnerabilities in code, which can expose hospitals to perpetrators intent on hacking treasure troves of patient data."

• 60% of hospital representatives and healthcare IT professionals in the U.S. identified mail to be the most common point of exposure due largely to phishing scams.

• IT research firm Gartner predicts, more than 25% of cyberattacks in healthcare delivery organizations will involve the Internet of Things (IoT), more specifically wirelessly connected and digitally monitored implantable medical devices (IMDs).

• Research suggests medical devices have an average of 6.2 vulnerabilities with 60% of medical devices at the end-of-life stage, with no patches or upgrades available.

A multi-tiered data protection strategy has proven effective

In order to evolve with the ever-expanding security risks of today's increasingly virtual healthcare environment, health IT leaders must rethink the manner in which they protect their growing archives of data and the hardware and systems used to manage it. Shifting to a multi-tiered data protection strategy is proving to be an effective means by which healthcare providers can control costs while keeping up with the changing face of cybersecurity threats and requirements.

A multi-tiered data protection strategy addresses archiving, back up, recovery, and cybersecurity requirements by aligning the data protection method to the data use. This approach is founded upon the following tiering best practices:

• Active data that is frequently accessed should remain in a nearline storage tier.

• Inactive data that is infrequently accessed should be moved to an offline storage tier.

• Devices such as laptops, tablets and mobile devices should be backed up to a storage tier that offers fast restoration and disaster recovery capabilities.

• Legacy data and systems should be protected using a fully-managed service that provides restoration services as needed.

This approach has proven to effectively reduce risks associated with ransomware and cyberattacks, decrease storage costs, and ensure compliance.