Request Information

Request Information

or Call 1.877.459.4347
Upcoming Webinars
Webinar: Healthcare Ransomware Realities | May 25, 2017 2:00 pm

The DRaaS / Ransomware Gap: Recent Attacks Highlight Common Industry Concerns

April 5, 2017 / Dave McCrystal

Disaster Recovery as a Service (DRaaS) solutions are rapidly gaining acceptance in healthcare, and for good reason. In Evolve IP’s 2016 Disaster Recovery and Business Continuity Survey while 89% of healthcare firms indicate that disaster recovery compliance is a requirement, only 53% of healthcare respondents feel very prepared for a disaster through DRaaS or internal services. There are other concerning statistics from healthcare as well. For example, 33% of firms are still using backup tapes. 47% are using a mirror site, but many of these are within 50 miles of the primary site (not a DRaaS best practice), and 49% feel that their disaster recovery program is underfunded. These statistics contrast greatly with the urgency you might expect given the everyday news stories and real-life examples (see two recent examples below) of how cyberattacks are impacting the healthcare industry.

By now, there’s no longer an education gap regarding the reality of these threats or the existence of DRaaS and related service models. Especially since 33% of companies surveyed reported having a disaster event within the last year. However there is still a major gap — whether it’s a lack of executive buy-in, budget challenges, or simply IT inertia – that leaves the healthcare industry as a whole poorly prepared to defend itself.

Among the confusing issues for many, is the notion that a “disaster” is some type of rare but violent event. In fact, in our experience providing DRaaS services to the healthcare industry and others, the most common disaster scenarios (and the most damaging from a business perspective) stem from common every day events. For example, a server reaches the end of its 3-to-5-year lifecycle at an inopportune moment. In this situation, and without DRaaS, the business can be disabled until the hardware can be repaired or data is recovered from backups. Another possibility is that a cybercriminal executes a phishing attack on your employees. The attack fools an employee into clicking on a bad link that appears to be legitimate. Then, before you know it, personal user data is breached and exposed.

This is exactly what happened in a recent cyberattack that impacted the Washington University School of Medicine. Over 80,000 patient records were breached as a result of a phishing attack. Separate from ransomware attacks, but part of a related methodology, phishing attacks can be the source of a data breach or might be a precursor to a ransomware attack. Once criminal has caused an employee to click on the “bad” email, any number of attacks can be deployed. For example, passwords can be stolen through a keylogging program that may get installed behind the scenes on the user’s computer. Then every time they log into their account and enter their real password credentials, the criminal is watching remotely and recording the characters that the user is typing in. This can ultimately lead to a deeper infiltration when the criminal starts using the stolen password information to gain network and/or application access. Data can be slowly stolen over time or a more aggressive and disruptive ransomware attack can be executed.

Ransomware is a simpler, and increasingly common form of attack because of its more immediate negative impact (for more details see our 10-minute guide to ransomware protection). The compromised email account is used as an open window through which the attacker simply delivers a virus that encrypts file folders or servers so that they can’t be used. If there’s a DRaaS solution in place, the threat can be averted in a matter of hours. If not, the attackers can hold the IT assets for ransom until their financial demands are met. A very recent example of this in healthcare is when Urology Austin was hit with a ransomware attack.

What we tell people is to focus on “recoverability” as the key thought. No matter what happens, or what type of new attack is created, businesses with IT systems that support and contain patient data, systems, and processes need to be recoverable. The questions are very simple. If servers were unavailable and due to an attack, what would you do? Will you be recovered in an hour? In four hours? A day? A week? Or longer? With the severity of attacks that we’ve seen, longer time frames are very realistic possibilities. That’s why business continuity plans should include DRaaS or a robust internal disaster recovery component to protect critical computing tasks and communication capabilities. Putting these protections in place and practicing them many times before an incident occurs can make a significant difference in the outcome for your business.

Categories: Business Continuity & Disaster Recovery

Clients We Work With

  • Company Profile

    Association Resource Group is an award-winning technology consulting and brokerage firm with over 25 years as an industry-leader.

    Testimonial

    We have been Evolve DaaS clients for just about 2 years. What execs really need to know is how much productivity DaaS brings to an organization. We have estimated that each employee saves 10 minutes a day in startup and shutdown time. Probably another 5 minutes a day in work from home productivity - i.e. more likely to log in from their home PC than if they had to carry a laptop home every night and no clunky VPN or Citrix session to dissuade them from getting on.

    So, 15 minutes a day, that is 3% of their day back. 3% of an $80,000 a year employee is $2,500.

    DaaS has a 300% return, with no capital at risk. That is what I would tell your execs. Feel free to ask questions.

    Best!

    Steve Murphey, Vice President

  • Company Profile

    Based in Northern New England, ClearChoiceMD treats urgent, non-life-threatening medical needs.

    Testimonial

    "With Cloud Connect, we have eliminated intermittent phone and internet service drops, increased the reliability of daily business tasks like writing e-prescriptions. We’ve even resolved printing issues. We have zero down time now as a result of connectivity because we’re always up and running.”

    Alex Fuchs, IT Director for CCMD

  • Company Profile

    CCI Health & Wellness Services is a group practice, empowering patients to partner with staff for an unparalleled healthcare experience.

    Testimonial

    “Usability is one of the most important factors in selecting technology solutions. We needed a solution that our staff could learn quickly and rely upon each day through high call volumes. Evolve IP emerged as best choice and the deployment has been very successful.”

    John Torontow, MD, MPH Chief Operating Officer - CCI Health and Wellness Services

Awards & Recognition

View More

Compliance & Certifications

View More

Latest Blog Posts

How To Handle Nuisance Callers Like A Boss
April 28, 2017 / Peter Eisengrein
About a week ago I got a telemarking call at the office. I listened to the man’s pitch for some…
Proven Way For Call Centers To Reduce Abandoned Calls And Enhance Customer Satisfaction
Proven Way For Call Centers To Reduce Abandoned Calls And Enhance Customer Satisfaction
April 26, 2017 / Evolve IP
On a busy day when communication matters most, the last place you want to find your customers is on the…
Junior Achievement Blasts Off with Lava for Life
April 13, 2017 / Jennifer Gutekunst
Over the past six months, Evolve IP has been a host site for Junior Achievement (JA).  JA is an interactive…
View More

Lastest Press Releases

Evolve IP Awarded With 2017 Unified Communications Product of the Year
April 28, 2017 / Evolve IP
Integrated Business Collaboration Services and IP Phone System Honored for Exceptional Innovation WAYNE, Pa. April 28, 2017 — Evolve IP, The Cloud Services Company™, announced today that TMC and Internet…
Evolve IP Announces Availability of the Global Evolved Office (GEO)
April 10, 2017 / Evolve IP
The Cloud Services Company™ Continues Global Expansion With New Product Offering and Support and Development Office WAYNE, Pa. April 10, 2017 - Evolve IP, The Cloud Services Company™, today announced…
Financial Industry IT Professionals and Executives Believe Data is Safer in the Cloud than On-Premises
April 6, 2017 / Evolve IP
Evolve IP Survey of 110+ Credit Union, Banking and other Financial Professionals Reveals Cloud Growth, Compliance Needs and Deployment Trends WAYNE, Pa.—April 6, 2017 –– Financial industry IT professionals and…
View More
close

Contact Us

or Call 1.877.459.4347