Recovery

Overview Ransomware People Process Detection Call to action

& Impact

Produced in partnership with

Know, Protect,
and Recover
Standing Strong
in the Fight Against
Ransomware
Sponsored by
 Recovery
Overview Ransomware People Process Detection Call to action
Overview & Impact

Ransomware: the emerging threat

While malicious
cyberattacks are
nothing new, the
nature of the beast
has changed, as
cybercriminals now are deploying
ransomware any type of
malware that restricts access to a
computer system or data until a
payment is made to bring
operations at healthcare
organizations to a grinding halt.
As a result, leaders need to work
harder than ever before to tame
this rabid threat. better protect it.
Getting into healthcare systems and Rick Bryant
stealing data to sell has a negative impact
on patient privacy, but locking healthcare
Crash Course In
Modern Day Ransomware
Click here for more information.
organizations out
of systems is much Hospital Declares Internal
State of Emergency After
uglier because it
Ransomware Infection
can have a really
detrimental effect Click here for more information.
on patient care,
said Rick Bryant, ransomware to hold healthcare
Healthcare organizations hostage.
Practice Manager High-profile ransomware cases such
at Veritas as the attacks that occurred at Hollywood
Technologies LLC. Presbyterian and MedStar Health in early
Healthcare
organizations need Imagine 2016 have brought attention to the fact
to know exactly
if a patient is that healthcare organizations cant sit idle
brought to an but instead must begin to manage their
where their critical
emergency data in a manner that makes them less
patient information
department and vulnerable to intrusions.
is, so they can the clinicians cant Healthcare organizations need to
get access to his know exactly where their critical patient
records and give information is, so they can better protect it,
him a drug he is allergic to. There are Bryant said. Its not like other industries
some very real patient care implications. where you might not be able to process an
Unfortunately, as healthcare order if a criminal is holding information
organizations have become increasingly ransom. In healthcare, you could be putting
reliant on information technology, human lives at risk. n
cybercriminals have realized and
exploited the fact that they can use

Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware 2
 Recovery
Overview Ransomware People Process Detection Call to action
Ransomware & Impact

Ransomware goes rogue and rampant

While ransomware
has been in
existence since
the late 1980s,
it has become
much more sophisticated,
prevalent and difficult to control
in recent years.
The AIDS Trojan, first-generation malware
introduced in 1989, was relatively easy to
overcome, as victims were able to use
tools to decrypt the affected data and
restore their systems quickly.1
Fast forward to today, and cybercriminals
are using more sophisticated and potentially
dangerous forms of ransomware.
Locker, which locks out end-users from
accessing computers or devices, accounts
Hackers hit another
hospital with ransomware,
encrypt four computers
Click here for more information.
for 36 percent of
the ransomware As ransomware attacks spread,
health system hit by phishing
used, according to
a report from Click here for more information.
Symantec.2
Crypto encrypts sophisticated technology than many
the data that healthcare organizations, said Greg
resides on Carter, Healthcare Technologist at Veritas
computers and Technologies LLC. Healthcare
devices, rendering organizations struggle with having the
Healthcare it useless by technical skills to defend their data.
organizations end-users. The After all, their business is patient care,
first instance of not technology.
struggle with
this type of Healthcare organizations, however,
having the technical
ransomware, can reduce their risk by identifying what
skills to defend
which now information needs to be protected and
their data. accounts for 64 therefore, becoming less vulnerable.
Greg Carter percent of the With solutions such as Data Insight from
ransomware used today,2 appeared in Veritas, for example, organizations can
2013 in the form of CryptoLocker, a identify where all critical unstructured data
ransomware Trojan that generated a resides and then move it to a safe
2048-bit RSA key pair and was spread location or encrypt it. n
through email attachments and drive-by REFERENCES
downloads from infected websites.1 1. KnowBe4.com. Your Money or Your Life Files, 2016.
2. Symantec. The Evolution of Ransomware, August 6, 2015.
Unfortunately, hackers are better
resourced and, therefore, deploy more

Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware 3

Overview Ransomware
Prepared to prevent, ready to restore
While ransomware
targets computers,
it takes a human
touch to prevent
such attacks.
People are the ones using the system.
It is through people that ransomware is
spread throughout an organization, Bryant
said. The attackers are sending phishing
emails or bad URLs or posting malvertising
on legitimate websites.So, it is the people
who you have to educate on what to do
and what to look for to halt ransomware.
Your people must be continually educated
on how to avoid malicious attacks that will
put their organization at risk.
Perhaps most important, staff members
need to have confidence in their ability to
restore their systems so they wont easily
Tips for protecting hospitals
from ransomware as
cyberattacks surge
Click here for more information.
People Process Detection
People
succumb to cybercriminals threats.
The cultural stigma of being hacked
shouldnt be any more of an event than a
hard drive crashing. It happens and its
disruptive, but if staff members can
confidently call their IT department and
know that they will be up and running
within a few hours then they dont even
have to try to negotiate with criminals
and put their organization at a bigger risk,
Bryant said.
Such confidence in the ability to recover
can help organizations carry on, even as
ransomware attacks become more malicious.
Cybercriminals are starting to stage
ransomware attacks to divert organizations
Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware
Recovery
Call to action
& Impact
from other attacks. For instance, they might
stage the ransomware attack while another
attack is redirecting pharmaceuticals.
So, they might have a shipment of
narcotics redirected to one of their
hotspots, so they can sell drugs. Thats
where the real money might come in for
the cybercriminals, Bryant said. But if
healthcare organizations have confidence
in their ability to recover, then they wont
have to fall prey to such schemes. n
Crash Course In
Modern Day Ransomware
Click here for more information.
4

Overview Ransomware
Sound information governance
Its good to hold
valuables close to
the vest while trying
to protect them.
But doing so is an
exercise in futility if you dont
know where valuables are located
or if you have too many to carry.
According to Veritas recent report, The
Databerg Report: See What Others Dont,
many healthcare organizations are creating
unwieldy databergs that make it difficult
to get a handle on exactly what needs to
be protected. These databergs consist of:
Business Critical Data This is data identified as vital to
the on-going operational success of our organization.
We need to protect and proactively manage business
critical data.
Redundant, Obsolete And Trivial (Rot) Data This is
data identified as Redundant, or duplicate, data,
Obsolete, no longer having business value, and Trivial
data with little or no business value for us. We need to
proactively minimize ROT data by securely deleting it on
a regular basis.
Dark Data This is data whose value has not yet been
identified. It may include vital business critical data as well
as useless ROT data. Either way, it consumes resources.
We need to explore and assign dark data, as either ROT
or business critical data, as soon as practical.
People Process
Process
Read the Databerg Report
Click here for more information.
To avoid spiraling future data manage-
ment costs and the risk of sweeping sanc-
tions, US organizations need to take action,
now, and reduce their Databergs.
After determining what needs to be
protected through information governance
Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware
Recovery
Detection Call to action
& Impact
NIST Framework
Click here for more information.
initiatives, organizations can then develop
sound security processes by drawing
guidance from published documents such
as the NIST (National Institute of Standards
and Technology) CyberSecurity Framework.
With such a framework serving as an
overall guide, healthcare organizations can
continually weave best practices into their
processes. For example, they might want
to adopt a defense in depth strategy as a
best practice.
Defense in depth goes back to a military
strategy that has multiple lines of defense,
Bryant explained.The concept is that
there is a multi-layered approach.So, if
attackers penetrate one layer, there is
another layer that will block them. n
Veritas Information
Governance Solutions
Click here for more information.
5

Overview Ransomware
Technology: driving strategic
data management
Electronic data is
growing at an
unprecedented
rate in the
healthcare industry.
An overwhelming amount of data that
organizations hold on to, however, has no
legal, regulatory or business value. In fact,
69 percent of an organizations stored
information is redundant, outdated or
trivial, according to the Compliance,
Governance Oversight Council.1
With manually separating critical data
from useless data a time-consuming and
ultimately fruitless exercise, organizations
must start leveraging technologies that
enable them to support better information
governance programs.
Veritas Data Insight
Click here for more information.
People Process Detection
Detection
NIST Cyber Security Framework
Click here for more information.
In healthcare, more data equals more
risk, Bryant said. However, healthcare
organizations are afraid to delete things
because they dont know the difference
between an MP3 music file and a file with
drug treatment protocols. They need to be
able to identify the data that is critical to
patient care.
Information governance technologies
can help healthcare organizations practice
defensible deletion.These tools can also
help to identify unnecessary privileged
access, recognize who is accessing data
(and when, where and why they are
accessing it), and identify and archive
useless data from primary storage.Most
importantly, such technology can identify
protected health information (PHI) and then
safeguard this data by moving it to an
Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware
Recovery
Call to action
& Impact
appropriate storage area or encrypting it.
With these tools, organizations can finally
understand the difference between the
data that is needed to drive the
organization forward and the data that is no
longer needed, Carter said. And, they can
start to strategically manage data instead
of just building more storage space. n
REFERENCE
1. Compliance, Governance and Oversight Council (CGOC).
Information Governance Benchmark Report in Global
1000 Companies, October 2011.
Data Loss Prevention
Click here for more information.
6

Overview Ransomware
Leveraging technology to recover
While healthcare
organizations must
do everything in
their power to
protect themselves
from ransomware attacks, they
also must prepare for the worst.
Many healthcare organizations dont
have a simplified, automated and
predictable disaster recovery strategy. The
identification of what is truly critical data
and the proper way to recover is at times
not clear or tested, Carter said.So, they
wind up having to pay a ransom and do a
press release about the attack.That breaks
my heart because it sends the wrong
message and could prompt more hackers
to target healthcare.
Healthcare organizations need an
enterprise backup and recovery solution
NetBackup Converged Platform
Click here for more information.
Recovery
People Process Detection Recovery Call to action
& Impact
& Impact
that will ensure that all data and
applications are replicated not just InfoScale Storage
Flashsnap functionality
backed up and everything is stored
safely at a reliable recovery site. Click here for more information.
These solutions make it possible to
recover the data to the time previous to they are likely to fail. There is always a
the ransomware attack, Carter said. Point- possibility that something has been
in-time backup ensures that organizations missed. So, testing is critical. n
wont lose many months worth of data.
To add an extra layer of security,
healthcare organizations should deploy
backup appliances that have security in the
boxes themselves so they cant be
compromised, according to Carter. You
can have a ransomware attack in the
organization, but it wont affect backups if
you are using one that has embedded
security, he added.
Perhaps most important, organizations
need to test their backup plans and
technologies before disasters strike.
It all means nothing if organizations
dont conduct simulations and testing,
Carter said. If organizations just put
recovery policies and technologies in
place and assume everything is OK,
Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware 7
 Recovery
Overview Ransomware People Process Detection Call to action
& Impact Call to action

A comprehensive defense
Healthcare information governance initiatives and guard against and quickly recover from
organizations are implementing sophisticated, ransomware attacks.Only then will
comprehensive security programs that organizations be able to provide patient
being held
delineate how people, processes and care without unnecessary and disastrous
ransom like technology can be used to steadfastly interruptions. n
never before.
As cybercriminals become more
sophisticated and leverage
advanced tools, more healthcare
organizations are becoming
the victims of increasingly
malicious ransomware attacks.
While some of the initial victims To learn more about how healthcare
succumbed to their attackers demands organizations can better protect valuable
and wound up paying ransoms to regain
access to their computer systems its
patient data in this era of cybercrime, go to
time to fight back.To protect themselves, www.veritas.com/solution/healthcare.
healthcare organizations need to reduce
risk by mounting comprehensive

The Data Cure:

Information Management
in the Healthcare Sector
Click here for more information. 2016 Veritas Technologies LLC. All rights reserved. Veritas and the Veritas Logo are trademarks or registered trademarks of
Veritas Technologies or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Know, Protect, and Recover: Standing Strong in the Fight Against Ransomware 8