Category

Backup News


The Ransomware Plague in Hospitals and Healthcare

by Calyptix, June 1, 2016

From pirates to mobsters to petty criminals, kidnapping for ransom is nothing new. We’re all familiar with the process – a person is abducted, the abductor demands a ransom, the ransom is paid, and then the person is released.

Now this age-old form of extortion has evolved into the technological world as ransomware.

Ransomware criminals employ the same principles as their predecessors but with a twist: the kidnappee is data.

The kidnapper in this scenario is crypto ransomware, a malware variant programmed to encrypt and lock data. After a company’s records are locked, the infected computer displays a note that demands ransom.

The perpetrator will only unlock the files once the ransom has been paid in full.

Ransomware in Healthcare

The healthcare industry in particular has been struck by a recent spate of ransomware attacks.

With few exceptions, the companies are reluctant to release specific details, leaving the investigating to the FBI.

UMass Memorial Medical Center

An employee at UMass Memorial Medical Center in Worcester opened an email laced with ransomware last fall, resulting in dozens of locked hospital files on several different computers.

A ransom note was promptly displayed on the hospital monitors.

The hospital chose not to pay ransom, removing all of the encrypted files instead.

Security professionals later restored the system with backup files.

In response, Chief Information Security Officer Bruce Forman outlined his plan to install advanced persistent threat software that will identify malware based on its behavior.

Hollywood Presbyterian Medical Center

On February 5, 2016, hackers locked patient files at Hollywood Presbyterian Medical Center and demanded ransom for access.

The hospital opted to shell out 40 bitcoins – approximately $17,000 – for the encryption key before calling the FBI.

The hospital was offline for over a week.

Emergency room systems and the computers used for CT scans, lab work and pharmacy needs were all affected by the attack.

Some 911 patients were even sent to other hospitals.

The International Business Times later reported that a group of Turkish hackers had claimed responsibility for the attack via the text-sharing site Pastebin, threatening more attacks as long as the U.S. supports Kurdish rebels.

The claim is unverified, however.

Prime Healthcare Management

The Los Angeles Times reported ransomware attacks on March 27, 2016 at two Prime Healthcare Management, Inc. hospitals: Chino Valley Medical Center in Chino, CA, and Desert Valley Hospital in Victorville.

Spokesperson Fred Ortega said the attacks were “immediately addressed and contained,” and no ransom was paid.

The FBI is still investigating.

A third Prime Healthcare facility, the 306-bed Alvarado Hospital in San Diego, was also infected by a crypto virus on March 31, 2016.

MedStar Health

On March 28, 2016, Columbus, MD-based provider MedStar Health shut down its database and email after a viral attack.

The provider operates 10 hospitals, serves hundreds of thousands of patients, and has over 30,000 employees.

MedStar Health claims no information was stolen and hasn’t labeled the culprit as ransomware, but The Washington Post reported that it received a screenshot of a ransom demand for 45 bitcoins – or roughly $19,000 – from a MedStar employee.

The shutdown forced staff to go old-fashioned, relying on paper charts and records. Appointments and surgeries were also delayed.

Other healthcare organizations targeted by ransomware attacks since February 2016 include the Los Angeles Health Department, Ottawa Hospital in Canada, Methodist Hospital in Henderson, Kentucky, and King’s Daughter’s Health in Madison, Indiana.

In each case, spokespeople reported the systems were shut down, but later restored with backup files.

Why is healthcare a target?

In general, ransomware attacks are becoming more prominent because they are successful.

In 2012, a server of 5,700 computers was locked – all on the same day, according to the United States Computer Emergency Readiness Team.

Symantec analyzed the data and determined 2.9% of the users with locked computers had paid an average ransom of $200 per computer.

While this may be true of ransomware overall, many healthcare organizations claim they actually aren’t paying ransoms.

But some are.

Medical professionals rely on computer access for everything, from critical patient information like allergies and lab results to operating schedules.

Locking access to records can literally be a life or death situation.

Healthcare organizations may be targets not because of their industry, but because of the types of applications they use, according to Craig Williams of Talos Research in an Ars Technica report.

He suspects ransomware perpetrators scan the internet for vulnerable servers, finding many in the healthcare trade.

The increase in crypto virus attacks is also caused by the antiquated security systems employed by many companies, according to Zach Forsyth at Comodo.

Healthcare organizations are relatively new to the digital game, and their security systems lack the maturity of those in the financial and technology industries.

Criminal attacks on healthcare organizations increased 100 percent between 2009 and 2013, according to the Ponemon Institute.

The trend of attacks against the vulnerable healthcare industry shows no signs of slowing. In fact, ransomware is emerging as a popular crime, states Ben Desjardin’s post on Radware.

How do ransomware attacks happen?

Some ransomware attacks gain access through phishing, or luring a user to click on a contaminated email or link. Vulnerable servers can also be targeted remotely.

A ransomware campaign against the healthcare industry in March 2016 was examined by Cisco Talos Research.

Perpetrators used the open source tool JexBoss to gain a foothold on a server. Upon access, a ransomware variant named SamSam encrypted multiple Windows systems.

Another malware distribution method, Ransom as a Service (RaaS), emerged in 2015.

Criminals download the ransomware app builder and customize it, according to the Microsoft Malware Protection Center.

Ransom:MSIL/Samas also emerged early in 2016, with criminals using a penetration testing attack server that searches for vulnerable networks to exploit, and a publicly available tool called reGeorg for tunneling.

MSPs and VARs Beware!

It’s not just healthcare providers who should worry about their records being locked. Managed Service Providers and Value Added Re-sellers that service the healthcare industry are also at risk.

HIPAA Regulations for IT Compliance instruct that any business involved in the creation, maintenance or monitoring of electronic protected health information (ePHI) is subject to the Security Rules of HIPAA.

Compliance requires that the confidentiality and integrity of ePHIs remain intact.

Because ransomware locks files rather than breaching their integrity, the jury is currently out on whether HIPAA-affected organizations have to report crypto virus attacks to the Department of Health and Human Services’ Office for Civil Rights.

It’s possible that attackers have determined ransomware victims might pay up if they can be assured the data has not been stolen, and therefore they may not have to report the breach.

What can you do?

A simple solution is to back up your files. If you can access what a criminal has encrypted, you can continue to do business.

Train your employees to never click on suspicious emails or links. In addition, a strong password policy should be implemented throughout the company.

Third Tier produced a ransomware protection kit they’ll mail to you in return for a donation that supports females who want to work in the IT field.

Other remedies include installing a multi-tier defense architecture that checks software multiple times for vulnerabilities.

Web scanning can stop your system from accessing malicious sites as well.

Whitelisting is an effective tool that only allows specific, approved programs to run.

Employees can be granted a “least privilege user account,” which means they are not given administrative privileges to their computers.

Ransomware prevention can also include blocking malicious TOR IP addresses, and testing restores.

Once your security system is set up, do not ignore it – maintain it. The Red Hat-supported JBoss server application was reported vulnerable in 2007, according to The HIPAA Journal.

A patch to correct the vulnerability has existed for almost ten years, and had it been applied, a number of ransomware attacks could have been prevented.

Creating a Business Continuity Plan For Your Small Business


Is your business prepared for any type of disaster? Even though small businesses may not have as many employees or as much equipment, they are still as vulnerable to disaster as a large corporation. If your business office were to be destroyed by a tornado, you could lose valuable business if you don’t plan ahead. Many businesses don’t want to take the time and the expense to prepare a business continuity plan, but can you really afford not to make one?

Make a List of All Possible Disasters

The best place to start is to list different types of disasters and try to determine what could be lost in each case, and what you can do to prevent that loss. A flood will require different strategies from a power outage or a fire. Next, try to estimate how long it would take, and how much it would cost, for you to get your business up and running again.

Communication

The middle of a crisis is not the time to frantically search for phone numbers. Even small businesses need emergency contact numbers. Have all emergency contact numbers posted or programmed into every phone. Do you have an alternate mode of communication should your main phone lines shut down? Could your clients seamlessly contact you without ever knowing that your office was in the middle of disaster recovery? The same principle applies to email and fax. Making arrangements regarding communication is critical to keeping your business running smoothly. Communicating with staff and clients can mean the difference between a complete shutdown and a minimal business interruption.

Preserving Your Data

In the event of a disaster, it is important to know that everything you need to function as a business is available. Identify all vital systems, documents, and data. While it is important for every business to back up its data on a regular basis, what if a fire destroyed your office? For this reason, offsite storage is critical to preserving your business’ valuable information. Offsite data storage allows access to all of your stored data from any computer and from anywhere in the world.

A Temporary Worksite

It is also important to plan for a temporary worksite. Depending on the goods or services your business offers, can you continue smooth operation if your office is shut down? Storing products in a second location can allow you to maintain your regular business schedule.

Test Your Plan

One of the keys to successful disaster recovery is testing your business continuity plan on a regular basis. It is important that you and your staff know exactly what to do, where to go, and how to access the necessary items you need to keep your business running smoothly to the outside world, even if you are standing in the middle of a disaster. Schedule regular plan tests to ensure that everyone in your office is on the same page and ready should disaster strike. Hopefully, you will never have to use your business continuity plan, but it is smart business to be prepared for any emergency should one arise.


Maintaining HIPAA Compliance with Online Data Storage


Keeping patient records secure and private is the concern of every hospital and health care provider, but they are often overwhelmed with years and years of patient information and the lack of adequate storage space. Destroying these health records in order to make room for more storage is often not an option. Patients want access to all of their health care records, and physicians need them in order to better diagnose patients. Online data storage is a way to satisfy all of these issues.

Using online data storage for these records allows easier access for patients, and offers easier sharing of patient information from hospital to physician, as well as from physician to physician. Storing health records online isn’t, however, without security concerns. Patients, hospitals, and physicians want assurance that these confidential records will remain safe, private, and secure, and will only be accessed by those authorized to do so.

What is HIPAA?

HIPAA, or the Health Insurance Portability and Accountability Act of 1996, was created in order to protect health information and give patients certain rights regarding their private health information. It also allows for disclosure of health information necessary for patient care. This act specifies safeguards necessary for the administrative, physical and technical handling of patient health information.

According to the U.S. Department of Health and Human Services (HHS.gov) HIPAA has many requirements and restrictions. It requires safeguards for:

  • Access Control
  • Audit Controls
  • Person or Entity Authentication

Access control is defined in the HIPAA Privacy Rule as “the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.” It should allow authorized users to only access the minimum amount of information necessary to complete job functions. The Access Control specification also requires the implementation of an exclusive user identification or user ID, and immediate access in case of an emergency.

What Type of Security is Necessary?

When dealing with patient records in an office, maintaining privacy and security usually involves storing patient files in locked cabinets where the files can be physically secured and visibly monitored at all times. When you are storing patient information online, certain precautions must be met in order to maintain the same security and privacy guaranteed each patient.

While HIPAA permits patient records to be transmitted over the Internet, businesses will want a service that offers file encryption, authentication and password protection in order to secure the information. Although HIPAA does not require online data storage services to have encryption, it does require that patient information be adequately protected and accessible only to authorized persons. Encryption is the best way to protect that information and ensure authorized access to those records. It is also important to offer backup services in case of a virus attack, flood, or fire. Finally, the service must offer a method of tracking any security breach, as well as the ability to lock out former employees after they have left or been terminated.

When storing patient information, it is important to stay HIPAA compliant, as the fines for not doing so are expensive. While online data storage for health care businesses guarantees less worry, work, and expense for health care providers, the service is only as good as the security offered. Remaining HIPAA compliant is vital in order to continue a good business relationship with the health care industry.

3 Tips for Shrinking your RTOs and RPOs


Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are two of the most important aspects of a data recovery plan.

A Recovery Point Objective (RPO) determines how much data the business is willing to lose in the event of a failure. A Recovery Time Objective (RTO) determines how much time the business deems acceptable to wait for the recovery process to complete.

Even though these parameters are defined and agreed on together with the business, IT admins are constantly striving to reduce their RTOs and RPOs through technology and process. The shorter the RTOs and RPOs, the less downtime the organization will have to endure, resulting in less productivity loss, lower costs and reduced risk of reputational impact. Here are three tips to help shrink your RTOs and RPOs.

1. Increase backup frequency

An immediate gain to reduce your RTOs and RPOs is to increase the frequency of backups. By doing this, you lower your RPO because you have more snapshots of your critical data. Similarly, you lower your RTO because having more recent backups will reduce the time it takes to recover.

2. Use ‘changed block recovery’ solutions

The concept of changed block technology is similar to incremental backups. Only the blocks of data that have changed since the last full backup or, in the case of virtual machines (VMs), those blocks needed to restore the VM to a given point in time are backed up.

Whether for virtual or physical backups, if you use a solution that constantly monitors for changes to data blocks then as soon as the backup kicks in, all the pre-processing has already been done. This means your overall backup time is reduced.

3. Replicate, replicate, replicate!

Having a secondary copy of a live data set that you can switch to instantly in the event of a failure will help lower your RTOs.  If you keep a secondary server off-site, your RTO will be limited to the time it takes to failover from one server to another. The frequency of the replication will determine your RPO – the more often you replicate, the lower the RPO.
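The following added example (not from the original post or from any backup product) audits a backup catalog and restore-drill timings against RPO and RTO targets, and shows how one failed job silently doubles the data-loss window. The catalog entries, drill figures and the 6-hour and 60-minute targets are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data, not taken from any real backup product.
# Backup catalog: (job finish time, job succeeded?)
CATALOG = [
    ("2016-06-01T00:00", True),
    ("2016-06-01T06:00", True),
    ("2016-06-01T12:00", False),  # failed job: not a usable recovery point
    ("2016-06-01T18:00", True),
    ("2016-06-02T00:00", True),
]
# Restore drills: (system, minutes from declared failure to service restored)
DRILLS = [("file-server", 42), ("ehr-database", 135)]


def exposure_windows(catalog, now):
    """(start, end) pairs between consecutive usable recovery points,
    ending with the window from the newest point up to `now`."""
    points = sorted(datetime.fromisoformat(ts) for ts, ok in catalog if ok)
    if not points:
        # An empty list must not read as "no violations".
        raise ValueError("no usable recovery point in catalog")
    edges = points + [now]
    return list(zip(edges, edges[1:]))


def worst_data_loss(catalog, now):
    """Longest window whose data would be lost if a failure hit at its end."""
    return max(end - start for start, end in exposure_windows(catalog, now))


def rpo_violations(catalog, now, rpo):
    """Windows in which the achieved recovery point exceeded the RPO."""
    return [(s, e) for s, e in exposure_windows(catalog, now) if e - s > rpo]


def rto_violations(drills, rto):
    """Systems whose measured restore time exceeded the RTO."""
    return [name for name, minutes in drills
            if timedelta(minutes=minutes) > rto]


if __name__ == "__main__":
    now = datetime(2016, 6, 2, 3, 0)
    print("worst-case data loss:", worst_data_loss(CATALOG, now))
    for start, end in rpo_violations(CATALOG, now, timedelta(hours=6)):
        print(f"RPO exceeded between {start} and {end}")
    print("RTO exceeded for:", rto_violations(DRILLS, timedelta(minutes=60)))
```

Only successful jobs count as recovery points, so the schedule's nominal 6-hour interval is not the achieved RPO once a job fails.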

Conclusion

With all this in mind, it is clear that the lower your RTOs and RPOs need to be, the more complex and more expensive your infrastructure and data protection strategy will be. This is where your choice of backup solution becomes vitally important. Choose well and not only will you help to reduce your RTOs and RPOs but also your Total Cost of Ownership (TCO).

The new features in KIT CloudBackup aim to reduce RTOs and RPOs from hours to minutes. Here are two features worth mentioning.

  • Standby Image – The ability to back up data at a granular level in the form of a standby recoverable image gives you a more flexible and streamlined approach to recovery. This feature gives you an RTO of less than 5 minutes.
  • Backup Accelerator – By continuously monitoring large files for changes, the backup pre-processing time is cut significantly, thus reducing the overall backup window and helping to meet your RPO.

Backup and Recovery Built for Free ESXi


Unitrends Free Edition and Free ESXi – it’s official. Unitrends takes great pride in being an industry innovator and creating products that enhance the customer value of VMware ESX, ESXi, and ESXi Free. Today, we’re thrilled to announce free protection for free ESXi.

Download Unitrends Enterprise Backup Free Edition now

Solution Highlights:

  • Unitrends Enterprise Backup can be deployed as a virtual appliance upon the entire family of VMware ESX, ESXi and now ESXi Free; protect virtual AND physical environments, and have truly heterogeneous protection (100+ versions of operating systems and applications)
  • Seamless and granular support at both the virtual host level and guest level for operating systems and applications with respect to backup, archiving, replication and virtualization failover.
  • Fully functioning enterprise solution that includes automated scheduling, instant recovery, global deduplication, archiving, and much more.
  • Solution Brief: VMware Infrastructure with Unitrends Enterprise Backup.

Ready to ditch your manual ad hoc backups?
