Interview
Rubrik’s Richard Cassidy on cyberattacks and resilience in healthcare organisations
Rubrik’s Richard Cassidy discusses the cyber threat landscape for healthcare organisations and how to build cyber resilience with Kris Cooper.
A slew of recent cyberattacks on healthcare organisations across the UK has underscored the need for attention to cyber resilience within the industry.
Of late, both the attack stalling operations at London hospitals and the leak at NHS Dumfries and Galloway in Scotland have highlighted the threat and what is at stake. Russian hacking group Qilin is demanding $50m from UK lab service provider Synnovis to unlock computers affected in the London attack and not leak the stolen data.
Healthcare organisations are among those commonly targeted due to the high volumes of sensitive patient information they hold and the severe consequences of disrupting hospital operations. Indeed, recent research from data security company Rubrik Zero Labs found that 20% of a typical healthcare organisation's total sensitive data holdings is impacted by each successful ransomware encryption event compared to 6% for average organisations.
We spoke to Richard Cassidy, Rubrik's chief information security officer for Europe, the Middle East and Africa, about what is needed to foster greater cyber resilience within the industry.
Kris Cooper: What is the landscape of cyber threats that healthcare organisations are facing?
Richard Cassidy: Ransomware is the biggest threat facing healthcare organisations, with the growth of ransomware-as-a-service intensifying threats. Cybercriminals are no longer just hackers but are savvy business operators who tend to target sensitive data for the simple reason that it holds the most value to its customers and business operations, thus offering higher returns on a hacker's investment.
While any organisation can fall victim to a ransomware attack, those that hold large amounts of sensitive data, such as healthcare, are prime targets for these groups.
Kris Cooper: Why are healthcare organisations disproportionately affected by ransomware?
Richard Cassidy: Healthcare organisations are not a new target for cybercriminals, but what makes healthcare an especially attractive target for cybercriminals are the large swathes of sensitive data that it holds across a wide range of environments and devices. Rubrik Zero Labs found the typical healthcare organisation observed by Rubrik holds 42 million sensitive data records – 50% more than the typical organisation – mainly due to the rapid digitalisation of records being created and stored.
Put simply, the amount of sensitive data that is held by healthcare organisations and the need for this to be accessible rapidly across a wide number of devices and accounts presents a greater surface area for threat actors to target, placing a strain on IT security teams.
Kris Cooper: What are the impacts of a ransomware attack, and how can organisations mitigate the danger of such attacks?
Richard Cassidy: What sets attacks against healthcare organisations apart as an industry is the scale of their impacts. Like any business, data is the lifeblood of modern hospitals. If the data is unavailable or locked away, then hospitals may need to turn back time and rely on paper records, as we have seen in the recent supply chain attack of the NHS pathology supplier Synnovis.
Additionally, the healthcare industry’s data recoverability rate after a successful ransomware attack is typically much lower than that of other industries. Healthcare organisations can expect to lose control of one in five of their sensitive data records, an estimated 394% higher than that seen in other industries. The combined challenge of dealing with sensitive patient data and reverting to manual processes prolongs disruption.
This is where the healthcare sector is unique – the stakes are higher. It is the only sector where cyberattacks pose a direct threat to individuals' lives. In order to mitigate the danger of such attacks, healthcare organisations especially should have an agreed and rehearsed protocol plan which outlines the approaches to take in different situations.
Businesses need to understand the data they need for minimal viable operations, so key services do not go down. When data may be lost, corrupted, or contaminated with ransomware or malicious software, getting back to normal operations without a plan and knowing what systems and data are needed is a nearly impossible task.
Kris Cooper: What are the key cyber vulnerabilities witnessed in healthcare organisations?
Richard Cassidy: The key vulnerabilities that healthcare organisations face are primarily focused on ensuring that sensitive data is protected and safely stored. One trend that we have identified is virtualisation. Rubrik Zero Labs found that 97% of all encrypted data in Rubrik-observed healthcare organisations last year occurred within virtualised architecture compared to 83% across all industries.
Kris Cooper: Why are cloud-based systems more vulnerable to attack?
Richard Cassidy: Attackers have proven their ability to compromise hybrid environments, with 66% of cyberattacks last year targeting data stored in the cloud, according to Rubrik Zero Labs. This presents a growing challenge as organisations become more dependent on the cloud, with Rubrik observing the proportion of data stored in the cloud growing to 13% in 2023 from 9% a year prior.
The mismanagement of cloud architectures, however, continues to drive security blind spots because it stores regulated data with fewer security capabilities and less visibility than on-premises assets. Rubrik telemetry shows there are three core blind spots:
- 70% of all Rubrik-observed data in a typical cloud instance is object storage, which is a common blind spot for most security appliances as it is typically not machine-readable.
- Unstructured data (such as text files) and semi-structured data represent another blind spot for security because these data types vary wildly in being machine-readable.
- More than 25% of all Rubrik-observed object stores contain data covered by regulatory or legal requirements, such as protected health information (PHI) and personally identifiable information (PII).
Chief information security officers (CISOs) must address these security blind spots in their cloud architecture if they are to manage the impact of cyber-attacks. A robust security cloud helps organisations to uphold data integrity, continuously monitor risks and threats, and restore business-as-usual when infrastructure is attacked.
Kris Cooper: What can be learnt from the NHS’ responses to the recent cyber-attack?
Richard Cassidy: The recent cyberattack on Synnovis affecting NHS Trusts in London shows the impact of the disruption that can be inflicted by threat actors. In line with the National Cyber Security Centre advice, all organisations should regularly be backing up files and preparing for an incident, and the devastation that it can cause. This affords leaders an understanding of what the minimal viable business operations look like and will assist in reducing disruption by prioritising the restoration of business-critical systems. Ensuring resilience is key to securing both your files and your reputation.
Kris Cooper: How can businesses continue operating as normal following a ransomware attack, and how can greater cyber resilience be achieved across healthcare organisations?
Richard Cassidy: In the face of growing cyber threats and growing data volumes, security leaders will never be able to completely remove risk as cyberattack becomes an inevitability. What they can do is begin to understand their risk profile, work to address predictable outcomes, and take actions to mitigate these risks – particularly when it comes to the additional risk landscape that comes with healthcare organisations.
To do this, CISOs must increase their data visibility, wherever it is stored, especially when sensitive data is involved. Preparation is key to ensuring operational continuity in the face of an ongoing attack to allow IT teams to rapidly recover systems. Ensuring backups are fully immutable and available, automating as much of the recovery process as possible, and continuously testing recovery outcomes across hybrid environments are actionable steps CISOs can take to improve their cyber resilience.
By addressing current blind spots, CISOs can uphold data integrity, mitigate the effects of attacks, and ensure business continuity. The most effective time to address your risk is before an attack has started, with cyber resilience being built into all data processes, as you never know where or when the next storm will appear.