It was only a year ago that the global ransomware attack WannaCry was infecting more than 230,000 computers, spanning at least 150 countries. In the UK, we saw the story garner many column inches and public opinion centred on an overwhelming concern about the implications of such an attack and the somewhat muted response of the NHS.
Even though NHS organisations did not report any cases of harm to patients or of data being compromised or stolen, about a third of hospital trusts in England were disrupted and NHS England data showed that at least 80 out of 236 trusts were affected – with 34 infected and locked out of devices (of which 27 were acute trusts), and 46 not infected but reporting disruption. A further 603 primary care and other NHS organisations were infected by WannaCry, including 8% of GP practices (595 out of 7,454).
In the report ‘Lessons learned review of the WannaCry Ransomware Cyber Attack’ released in February 2018, NHS’ Chief Information Officer for Health and Social Care William Smart explained that the work of a cybersecurity researcher, who activated a ‘kill-switch’ on the evening of Friday 12 May, had the effect of stopping WannaCry infecting further devices. Without this intervention, it is likely that the impact that WannaCry had on services would have been even greater.
But a question still remains, is there anything else that could’ve been done to avoid the incident, mitigate the risk of sensitive data falling into the wrong hands, and quickly recover from such an attack? The answer could be the cloud.
Is data more secure in the cloud?
After your data has been encrypted by a ransomware, recovering it is almost impossible, thus, investing in prevention seems to be the securest solution. The first step would be creating secure backups of sensitive data on a regular basis. Keeping in mind that in case of a ransomware attack you need to physically disconnect the storage device to avoid it being infected, it would be best to keep your data backed up in the cloud rather than on-premises.
In an ideal world, the best solution would be to be warned early enough, so you can quickly isolate a ransomware infection and recover important data before the entire network is affected. Some CSPs have enhanced their solutions, for example here at iland we now offer deep packet inspection, encryption, antivirus, anti-malware scans, and integrated reports for compliance and regulatory audits.
These services can include:
- vulnerability scanning
- monitoring of changes to critical files and application control which helps limit or block network access for certain applications firewall event
- identification and prevention of DDoS and other cyber attacks
- web reputation monitoring and control
- proactive quarantine of known viruses and malware
It is important here to outline that, when confronted by a ransomware attack, your weakest links in the security chain are your endpoints, so users’ devices must be protected with AV protection, regular backups and anomaly detection.
DRaaS, the ultimate prevention?
While the public opinion was primarily concerned about the consequences of WannaCry’s encryption of NHS patients’ data files and medical systems, what actually caused most damages was the downtime. Moreover, even though a simple backup will let you restore your production database, this will take much more time than a DRaaS solution.
DR is a system of replication combining software and the cloud designed to minimise downtime. It creates a copy of the VM at a secondary location and can fail-over in seconds or minutes. Instead of simply having backups, DR allows organisations to devise a recoverability strategy for when a disaster strikes enabling them to failover production systems and get the organisation back up and running quickly.
DRaaS involves the engagement of a cloud service provider that facilitates some or all of the recovery process and hosts the replicated systems in their cloud. DRaaS provides more beneﬁts to healthcare organisations than secondary sites by providing geographic diversity and the support of an engaged third party to help in an emergency.
Has it convinced healthcare organisations?
While consequences could have been much worse, healthcare organisations became more conscious of the importance of having robust security. This is when cloud computing was looked at as a one of the best threat response strategies. The automation that can be applied to the cloud and the scalability of its monitoring and threat detection means that it’s easier to detect and manage incidents. In terms of security, it shows a proactive process that allows organisations to manage incidents more effectively and enhance malware prevention.
Earlier this year, the Secretary of State for Health and Social Care, WJeremy Hunt, signed off on the first official guidance aiming to help the UK’s National Health Service moving to cloud. The cloud will help them to provide reliable disaster recovery, support for agile deployments, and a freedom from maintaining hardware. However, many seem to still be resistant to this move due to compliance concerns.
Whether it’s identifying and implementing the proper controls in the cloud, passing an audit on cloud resources, or keeping up with changing regulations, IT departments in healthcare firms often don’t have the time or resident expertise to confidently solve the cloud compliance problem.
However, they don’t have to do it alone. Here at iland we have brought together cloud, security, and compliance into one, seamless platform, enabling organisations to get access to the security controls required by HIPAA, the reports needed to complete an audit, and the support from in-house Compliance teams, to answer any questions.
Healthcare organisations should be urged to embrace the cloud, not only because it is an opportunity to reduce cost, but also because cloud technology stimulates innovation, offers greater security and easier scalability than traditional solutions.
Written by Sam Woodcock, Director Solutions Architect EMEA and APAC at iland NHS