Request Information

Request Information

or Call 1.877.459.4347
Upcoming Webinars
Walk “in the Cloud” at VMworld! | August 30, 2017 2:00 pm
DR, DaaS and Data Protection: Cloud Strategies for Success | September 13, 2017 11:00 am

The DRaaS / Ransomware Gap: Recent Attacks Highlight Common Industry Concerns

The DRaaS / Ransomware Gap: Recent Attacks Highlight Common Industry Concerns
April 5, 2017 / Dave McCrystal

Disaster Recovery as a Service (DRaaS) solutions are rapidly gaining acceptance in healthcare, and for good reason. In Evolve IP’s 2016 Disaster Recovery and Business Continuity Survey while 89% of healthcare firms indicate that disaster recovery compliance is a requirement, only 53% of healthcare respondents feel very prepared for a disaster through DRaaS or internal services. There are other concerning statistics from healthcare as well. For example, 33% of firms are still using backup tapes. 47% are using a mirror site, but many of these are within 50 miles of the primary site (not a DRaaS best practice), and 49% feel that their disaster recovery program is underfunded. These statistics contrast greatly with the urgency you might expect given the everyday news stories and real-life examples (see two recent examples below) of how cyberattacks are impacting the healthcare industry.

By now, there’s no longer an education gap regarding the reality of these threats or the existence of DRaaS and related service models. Especially since 33% of companies surveyed reported having a disaster event within the last year. However there is still a major gap — whether it’s a lack of executive buy-in, budget challenges, or simply IT inertia – that leaves the healthcare industry as a whole poorly prepared to defend itself.

Among the confusing issues for many, is the notion that a “disaster” is some type of rare but violent event. In fact, in our experience providing DRaaS services to the healthcare industry and others, the most common disaster scenarios (and the most damaging from a business perspective) stem from common every day events. For example, a server reaches the end of its 3-to-5-year lifecycle at an inopportune moment. In this situation, and without DRaaS, the business can be disabled until the hardware can be repaired or data is recovered from backups. Another possibility is that a cybercriminal executes a phishing attack on your employees. The attack fools an employee into clicking on a bad link that appears to be legitimate. Then, before you know it, personal user data is breached and exposed.

This is exactly what happened in a recent cyberattack that impacted the Washington University School of Medicine. Over 80,000 patient records were breached as a result of a phishing attack. Separate from ransomware attacks, but part of a related methodology, phishing attacks can be the source of a data breach or might be a precursor to a ransomware attack. Once criminal has caused an employee to click on the “bad” email, any number of attacks can be deployed. For example, passwords can be stolen through a keylogging program that may get installed behind the scenes on the user’s computer. Then every time they log into their account and enter their real password credentials, the criminal is watching remotely and recording the characters that the user is typing in. This can ultimately lead to a deeper infiltration when the criminal starts using the stolen password information to gain network and/or application access. Data can be slowly stolen over time or a more aggressive and disruptive ransomware attack can be executed.

Get the facts on ransomware with our Ransomware is Dead Webinar:

Ransomware is Dead

Ransomware is a simpler, and increasingly common form of attack because of its more immediate negative impact (for more details see our 10-minute guide to ransomware protection). The compromised email account is used as an open window through which the attacker simply delivers a virus that encrypts file folders or servers so that they can’t be used. If there’s a DRaaS solution in place, the threat can be averted in a matter of hours. If not, the attackers can hold the IT assets for ransom until their financial demands are met. A very recent example of this in healthcare is when Urology Austin was hit with a ransomware attack.

What we tell people is to focus on “recoverability” as the key thought. No matter what happens, or what type of new attack is created, businesses with IT systems that support and contain patient data, systems, and processes need to be recoverable. The questions are very simple. If servers were unavailable and due to an attack, what would you do? Will you be recovered in an hour? In four hours? A day? A week? Or longer? With the severity of attacks that we’ve seen, longer time frames are very realistic possibilities. That’s why business continuity plans should include DRaaS or a robust internal disaster recovery component to protect critical computing tasks and communication capabilities. Putting these protections in place and practicing them many times before an incident occurs can make a significant difference in the outcome for your business.

Categories: Business Continuity & Disaster Recovery Comic

Clients We Work With

  • Company Profile

    Association Resource Group is an award-winning technology consulting and brokerage firm with over 25 years as an industry-leader.

    Testimonial

    We have been Evolve DaaS clients for just about 2 years. What execs really need to know is how much productivity DaaS brings to an organization. We have estimated that each employee saves 10 minutes a day in startup and shutdown time. Probably another 5 minutes a day in work from home productivity - i.e. more likely to log in from their home PC than if they had to carry a laptop home every night and no clunky VPN or Citrix session to dissuade them from getting on.

    So, 15 minutes a day, that is 3% of their day back. 3% of an $80,000 a year employee is $2,500.

    DaaS has a 300% return, with no capital at risk. That is what I would tell your execs. Feel free to ask questions.

    Best!

    Steve Murphey, Vice President

  • Company Profile

    Based in Northern New England, ClearChoiceMD treats urgent, non-life-threatening medical needs.

    Testimonial

    "With Cloud Connect, we have eliminated intermittent phone and internet service drops, increased the reliability of daily business tasks like writing e-prescriptions. We’ve even resolved printing issues. We have zero down time now as a result of connectivity because we’re always up and running.”

    Alex Fuchs, IT Director for CCMD

  • Company Profile

    CCI Health & Wellness Services is a group practice, empowering patients to partner with staff for an unparalleled healthcare experience.

    Testimonial

    “Usability is one of the most important factors in selecting technology solutions. We needed a solution that our staff could learn quickly and rely upon each day through high call volumes. Evolve IP emerged as best choice and the deployment has been very successful.”

    John Torontow, MD, MPH Chief Operating Officer - CCI Health and Wellness Services

Awards & Recognition

View More

Compliance & Certifications

View More

Latest Blog Posts

Key Steps on Call Center Reporting & Analytics
Key Steps on Call Center Reporting & Analytics
August 22, 2017 / Rich Fox
Key Steps to Improving your Call Center Reporting Understand the available data: You need to understand the underlying data that…
Evolve IP is on a Roll!
August 18, 2017 / Erika von Hoyer
We are thrilled to announce that Evolve IP has once again made the Inc. 5000 list as one of the fastest growing…
DaaS Enables Evolve IP to Give Back copy
DaaS Enables Evolve IP to Give Back
August 2, 2017 / Evolve IP
Recently thirty associates from Evolve IP came together at LaMancha Animal Rescue in Unionville, Pennsylvania to volunteer time. Cleaning out…
View More

Lastest Press Releases

Evolve IP Named For 5th Time to 2017 Inc. 5000 List of Fastest-Growing Private Companies
August 17, 2017 / Evolve IP
Receives Inc. 5000 Honor Roll Designation; Achieved by Fewer than 10 Percent of Recognized Businesses WAYNE, Pa.—August 17, 2017—Evolve IP, The Cloud Strategy Company™, today announced its inclusion on Inc. Magazine’s 2017 Inc.…
BCM One Offers Evolve IP’s Full Suite of Award-Winning, Integrated Cloud Computing and Communications Solutions
August 14, 2017 / Evolve IP
WAYNE, Pa. — August 14, 2017 —Evolve IP™, The Cloud Strategy Company™, today announced that BCM One, a leading technology solutions provider, is now offering Evolve IP’s complete suite of…
Evolve IP Adds Telarus To Master Agent Partner Program
August 8, 2017 / Evolve IP
Leading Cloud Services Distributor to Offer Evolve IP’s Full Suite of Award-Winning Cloud Computing and Communications Services WAYNE, Pa. — August 7, 2017 —Evolve IP™, The Cloud Strategy Company™, today…
View More
close

Contact Us

or Call 1.877.459.4347