Backup Fail Puts Doctor Out Of Business – Lessons Learned From The Wood Ranch Medical Breach


As a healthcare provider, you store a lot of patient data.

Medical records, insurance and payment information, as well as personal contact information for your clients.

Unfortunately, this can also make you a prime target for cybercriminals and ransomware attacks.

The data you store could be targeted by bad actors who then use it to extort patients, commit identity theft, or just hold your data ransom until you pay them, with the threat of permanently damaging or encrypting it.

And the bad news is that an increase in ransomware attacks, and the cost of insuring a practice against them, are driving more and more doctors to quit the profession.

Today we’ll look at the breach at Wood Ranch Medical, and why it’s so important to have a robust data backup strategy in your health care practice.

What Happened At Wood Ranch Medical?

In September 2019, Wood Ranch Medical had to send out a letter no health care provider ever wants to have to send.

This was to inform clients their system had been targeted in a ransomware attack and that because they were unable to recover the data that had been targeted, they would be closing down the practice altogether.

The attack on Wood Ranch Medical occurred in August of 2019, and resulted in data being damaged so gravely that recovery became impossible.

Information affected included names, dates of birth, insurance information, and health data. However, there is no indication cybercriminals were specifically going after personal data, just looking for payment in order to release the information back to the practice.

The clinic was faced with the choice of paying a ransom for the data to be restored, or going out of business.

On the advice of the FBI, Wood Ranch Medical decided not to pay the ransom being demanded of them.

Unfortunately, in these cases, and even when the ransom demands are met, it’s not uncommon for the data to never be fully restored.

Wood Ranch Medical must also now provide clients whose information was compromised in this attack with credit monitoring services to guard against identity theft.

What Can We Learn From This Breach?

Unfortunately, because their backup drive was attached to their main server, when the main server was encrypted, the backup was also encrypted, leaving them unable to restore client information.

The main takeaway from the Wood Ranch Medical breach is the importance of having a robust backup server as part of your data recovery strategy.

This server makes complete backups of your entire system at regular intervals, including files, software, and your operating system.

It’s very likely if they’d had appropriate backups in place, the breach and fallout at Wood Ranch Medical would have been preventable.

Data Backup Principles

Some key backup principles which can help in the event of an attack include:

  • Backed up data should be encrypted to ensure there is no unauthorized release of data to a third party if a backup drive is lost or an unauthorized party gains access to the backup server
  • Use the 3-2-1 rule, which means three copies of data (original plus two backup copies) on two different types of media (for instance virtual server, cloud storage, external drive, or USB)
  • Have at least one onsite, and one offsite (for instance cloud storage) backup
  • The server should also have mirrored hard drives, in case one fails
  • Get proof of your system backing up on a daily basis
  • Disconnect drives once backups run to prevent them from being compromised in the event of an attack
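
The principles above can be checked mechanically against a written inventory of your copies. The following is an added example, not part of the original article: the `Copy` fields, the 24-hour freshness window and both sample inventories are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Copy:
    name: str
    media: str              # "server-disk", "external-drive", "cloud", ...
    offsite: bool
    encrypted: bool
    attached: bool          # stays connected to the production server between runs
    last_success: datetime  # taken from the backup job's own report
    original: bool = False  # True for the live data on the server

def audit(copies, now, max_age=timedelta(hours=24)):
    """Check an inventory against the principles above; [] means all are met."""
    backups = [c for c in copies if not c.original]
    findings = []
    if len(copies) < 3:
        findings.append("3-2-1: fewer than three copies")
    if len({c.media for c in copies}) < 2:
        findings.append("3-2-1: fewer than two media types")
    if not any(c.offsite for c in backups):
        findings.append("no offsite backup")
    if not any(not c.offsite for c in backups):
        findings.append("no onsite backup")
    for c in backups:
        if not c.encrypted:
            findings.append(f"{c.name}: not encrypted")
        if now - c.last_success > max_age:
            findings.append(f"{c.name}: no successful run in the last day")
        if c.attached:
            findings.append(f"{c.name}: left attached to the server")
    return findings

def survives_server_encryption(copies):
    """True if at least one backup is out of reach of malware on the server."""
    return any(not c.attached for c in copies if not c.original)

NOW = datetime(2024, 1, 15, 9, 0)   # constructed timestamp
# Constructed inventory: one USB drive left plugged into the server.
ATTACHED_ONLY = [
    Copy("live data", "server-disk", False, False, True, NOW, original=True),
    Copy("usb backup", "external-drive", False, False, True, NOW - timedelta(hours=6)),
]
# Constructed inventory that follows the list above.
THREE_TWO_ONE = ATTACHED_ONLY[:1] + [
    Copy("rotated drive", "external-drive", False, True, False, NOW - timedelta(hours=6)),
    Copy("cloud vault", "cloud", True, True, False, NOW - timedelta(hours=3)),
]
```

Running `audit(ATTACHED_ONLY, NOW)` lists every gap in the single-drive setup, while `survives_server_encryption` answers the one question that decided the outcome in the case described above.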

There are different types of backups, including:

  • File-based backups: These are relatively cheap, but won’t be encrypted, and recovery is slow
  • Image-based backups: These are still fairly inexpensive, but also have slow recovery times
  • Virtualization: This type of backup will cost a little more money, but allows for near instant recovery of data; it essentially creates a duplicate copy of your server

SEE CHART BELOW

Creating a virtual copy of your system allows you to easily restore your data in the event of a system failure, virus, or ransomware attack.

Performing security risk assessments on a regular basis so you can identify and repair breaches in your system is important to protecting your data, so you don’t find yourself in a situation like the one which occurred at Wood Ranch Medical.

In addition to regular security risk assessments, you should be testing your backup systems at least twice a year.

The test should show you how long it takes to recover information if you lose access to your server, in order to understand what your recovery times are.

Recovery times will vary depending on what sorts of files you are storing and how quickly you require access to them.
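
A restore test of this kind can be scripted so that it reports both the recovery time and whether the restored files are intact. This is an added example, not part of the original article: the directory copy stands in for your backup product's real restore step, and `rto_seconds` (your target recovery time) and the sample files are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Record a hash for every file at backup time: {relative path: sha256}."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def restore_test(backup_dir, manifest, rto_seconds):
    """Restore into a scratch directory, verify every file, report the time taken."""
    start = time.monotonic()
    with tempfile.TemporaryDirectory() as scratch:
        target = Path(scratch) / "restore"
        shutil.copytree(backup_dir, target)      # stand-in for the real restore step
        restored = build_manifest(target)
    elapsed = time.monotonic() - start
    missing = sorted(set(manifest) - set(restored))
    corrupt = sorted(k for k in manifest if k in restored and restored[k] != manifest[k])
    return {"seconds": elapsed, "missing": missing, "corrupt": corrupt,
            "passed": not missing and not corrupt and elapsed <= rto_seconds}

def demo():
    """Constructed sample data: two small files, then damage after the backup ran."""
    with tempfile.TemporaryDirectory() as d:
        backup = Path(d) / "backup"
        (backup / "charts").mkdir(parents=True)
        (backup / "charts" / "a.txt").write_text("record A")
        (backup / "billing.csv").write_text("id,amount\n1,20\n")
        manifest = build_manifest(backup)        # taken when the backup completes
        good = restore_test(backup, manifest, rto_seconds=60)
        (backup / "billing.csv").write_bytes(b"\x00" * 16)   # simulate a damaged file
        (backup / "charts" / "a.txt").unlink()               # simulate a lost file
        bad = restore_test(backup, manifest, rto_seconds=60)
    return good, bad
```

Keep the manifest somewhere the production server cannot overwrite, so a damaged backup cannot also rewrite the hashes it is checked against.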

Finally, ensure you have a disaster recovery plan in place, should the worst happen. This doesn’t have to be super complicated, but should detail how you would react and who to call in scenarios such as:

  • Server crash
  • Fire
  • Theft
  • Flood
  • Ransomware

Get Help With Ransomware Prevention

Are you ready to better protect yourself from ransomware attacks?

Do you need guidance for performing a security risk assessment on your IT systems?

Get in touch today for all of your IT Security needs.