When ransomware shutters the ER, cyber resilience can help teams mitigate the damage | perspective | #ransomware | #cybercrime

COMMENTARY: What happens when a stroke victim gets rushed to a hospital, only to find imaging offline because of a cyberattack?In healthcare, first responders must make medical decisions dealing with life or death situations in seconds. But when a healthcare organization falls victim to ransomware, the clinical disruptions may go on for weeks.[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]The impact of ransomware extends far beyond IT. Clinical operations rely on digital technologies. Medical devices fail when the facility loses internet connectivity. Doctors and nurses lose access to patient records. According to a study by the American Economic Association, in-hospital mortality among already-admitted patients rises by an estimated 34% to 38% during the initial phase of a ransomware attack. So, cyberattacks directly harm a healthcare organization’s patient care mission.Traditional business continuity and IT disaster recovery plans often fail after a cyberattack because they’re built for physical disasters, not digital ones. They rely on geographic dispersion, but in an attack, it’s trust in systems, not buildings, that’s destroyed. Because backup sites are usually integrated with production, attackers can compromise both, leaving no trusted environment for teams to recover. And despite “immutable” backup claims, attackers can frequently corrupt or erase backup data, further undermining recovery.There are few shortcuts to restoring systems post-attack. Teams must forensically examine production environments to determine how the attackers got in, what they created or altered and which backups are uninfected. Without the right tools and preparations, this process can take longer than it should.Healthcare boards and senior leaders, even when under-resourced and triaging, must confront how completely care now depends on IT systems and automation.There’s no paper-based fallback for radiation oncology, and paper is an unrealistic substitute for EHR workflows, lab and imaging distribution, medication dispensing or scheduling. Manual monitoring, added physical security risks and loss of facilities automation create an unsustainable load on staff trying to run a modern hospital on paper.IT spent decades developing a body of knowledge around physical disaster recovery, and today few organizations operate without a disaster recovery plan. However, these plans are rarely invoked, while cyberattacks happen weekly. Therefore, healthcare organizations should consider prioritizing cyber resilience, even at the expense of traditional disaster recovery.Importantly, teams must complete and implement this planning before a cyber incident occurs. In this way, cyber resilience becomes an operational capability that we can count on when a ransomware attack materializes.Security keeps attackers out. Resilience helps organizations bounce back faster. Both are necessary. Here are five pointers:

There’s no question that the planning and engineering required represent a significant investment of resources and time from a cross-functional team from clinical, operational and technology disciplines.However, given the scale of patient and financial impacts of an attack, teams must implement cyber resilience measures long before an attack occurs. Create a body of reporting documents on how health systems can apply hard-won lessons from previous cyberattacks at other hospitals, including practical steps that demand more leadership focus than capital spending. In healthcare, resilience gets measured by the continuity of care in a crisis. Unprotected, an organization may default on its patient care mission. By investing in cyber resilience, the same health system can reduce these impacts to patients and safeguard its critical finances. Josh Howell, Healthcare CTO, RubrikSC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.