A ransomware attack can easily cripple an entire healthcare organization’s operations. It can also result in serious compliance issues and insurmountable recovery costs. Unfortunately, not every attack will be prevented—but should one occur, there are steps you can take to reduce or eliminate the damage that results.
One of the most effective methods of mitigating the effects of a ransomware attack is making immutable backups. With the right immutable backup solution, your healthcare company’s operations can continue without major disruption, even if the attack is successful.
Keep reading for an explanation of what immutable backups are and how you can use them to combat ransomware assaults.
An immutable backup is a copy of your data that no one can delete, encrypt, or change. This means that not even an account admin can alter or encrypt the data—and the same goes for an attacker.
As soon as a backup is written to immutable storage, it’s locked. It stays locked for a specific period of time, such as 30 days. Here’s what happens when you have immutable backups:
This means that if you make immutable backups of the right data, your organization can continue its work with relatively little downtime, even if a ransomware attacker penetrates your defenses.
Immutable backups work by using database settings that prevent specific actions, such as deleting, modifying, and encrypting files. They use a write-once, read-many policy that you can set for a certain time period.
A section of a database is, in some ways, a lot like an inventory room in a warehouse. Each “room” has its own rules. Some allow people to come in and remove items as they’d like. In other rooms, people may have the freedom to change what’s inside, perhaps by adding components that weren’t there previously.
Eventually, the contents of the inventory room are used to build whatever the factory produces. Similarly, the contents of a backup can be used to “build” the data that a business-critical app depends on.
For immutable backups, the rules governing what can happen to the data in each “room” are very strict. For instance:
In other words, your database’s configuration seals and protects the information inside each immutable backup.
Immutable backups are a powerful tool against ransomware—which makes them an ideal strategic weapon in healthcare’s fight against cyber criminals. The data that a healthcare organization holds is pivotal for both its operations and serving patients. Hackers know that if they encrypt healthcare data, they can simultaneously cripple day-to-day activities and threaten the business’s reputation, especially if they expose private patient information.
But when you use immutable backups, you:
You can use the checklist below to make sure your healthcare cloud solutions have a solid anti-ransomware strategy.
This ensures your backups get written once and can’t be changed or deleted until the retention time period ends. You can also adjust the time period to optimize your storage usage and minimize your healthcare cloud solutions costs.
MFA is still a powerful tool, even when you use immutable backups. It keeps your backups secure even if an attacker has stolen an admin’s username and password. Without it, a hacker using a multi-pronged approach could try to bypass your immutable backups by logging in with admin credentials and accessing sensitive backup data.
When you set your retention policies according to your needs, you can keep backup data long enough to withstand what’s known as slow-burn ransomware. This can sit dormant in your system for weeks at a time. To mitigate slow-burn attacks, you can use an extended retention policy, such as 90 days. This gives you the ability to go back several weeks into your backup history, if necessary.
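To make the retention trade-off concrete, here is an added example (not part of the original article) that compares a 30-day and a 90-day lock against ransomware that sat dormant for six weeks. The daily backup schedule, the dates, and the function names are assumptions made for illustration.

```python
from datetime import date, timedelta

def build_catalogue(first_day, last_day, retention_days):
    """One backup per day; each is locked for retention_days after it is written."""
    return [
        {"taken": first_day + timedelta(days=d),
         "locked_until": first_day + timedelta(days=d + retention_days)}
        for d in range((last_day - first_day).days + 1)
    ]

def newest_clean_locked(catalogue, compromise_day, today):
    """Newest backup taken before the compromise whose lock is still in force.

    Once a lock has expired the copy may have been pruned or altered, so it no
    longer counts as a guaranteed restore point.
    """
    candidates = [b for b in catalogue
                  if b["taken"] < compromise_day and b["locked_until"] > today]
    return max(candidates, key=lambda b: b["taken"], default=None)

def restore_point_by_policy(today, dormant_days, policies=(30, 90)):
    """Map each retention length (days) to the restore point it leaves, or None."""
    compromise_day = today - timedelta(days=dormant_days)
    first_day = today - timedelta(days=120)  # assumed start of backup history
    result = {}
    for retention in policies:
        cat = build_catalogue(first_day, today, retention)
        result[retention] = newest_clean_locked(cat, compromise_day, today)
    return result

if __name__ == "__main__":
    # Constructed scenario: ransomware detected today after 42 dormant days.
    for days, point in restore_point_by_policy(date(2024, 6, 30), 42).items():
        print(days, "day lock ->", point["taken"] if point else "no locked clean backup")
```

With a 30-day lock, every backup written before the infection has already aged out of protection by the time the attack is detected; the 90-day lock still holds a clean copy from the day before the compromise.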
Air-gapping involves storing backups away from primary systems. It breaks down into two categories:
With air gaps, you can prevent hackers who penetrate your daily workload data stores from gaining access to your backups. This is good practice whether or not you’re using immutable backups.
By regularly testing your recovery system, you ensure that you can restore backups quickly enough to avoid excess downtime.
For instance, suppose you have an air-gapped immutable backup that you have to manually access using MFA. Once you’re inside the backup, you then have to copy files over so they can support live workloads.
This can be time-consuming. If you recently hired a new incident mitigation manager, they may not know how to do this quickly. So regular recovery testing would ensure they can access and restore backups as quickly as possible.
Audit logs are useful when you have to meet compliance standards that require you to demonstrate the ongoing security of your backup solution. They're also invaluable when you have to perform a forensic analysis of an attack.
If, for instance, an inside attacker were to access your immutable backups and try to make a change, the logs would make it easier to identify who tried the attack, as well as when and where they launched the assault.
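The who, when, and where described above can be pulled out of an audit trail with a few lines of code. This is an added example, not from the original article: the JSON-lines log format, its field names, and the sample events are constructed for illustration and do not represent any particular backup product.

```python
import json
from collections import defaultdict

# Constructed sample lines in a hypothetical JSON-lines audit format.
SAMPLE_LOG = """\
{"ts": "2024-06-30T01:00:02Z", "actor": "svc-backup", "src_ip": "10.0.4.12", "action": "write", "object": "ehr/2024-06-30.bak", "result": "allowed"}
{"ts": "2024-06-30T03:41:10Z", "actor": "jdoe-admin", "src_ip": "203.0.113.7", "action": "delete", "object": "ehr/2024-06-29.bak", "result": "denied"}
{"ts": "2024-06-30T03:41:55Z", "actor": "jdoe-admin", "src_ip": "203.0.113.7", "action": "modify", "object": "ehr/2024-06-28.bak", "result": "denied"}
{"ts": "2024-06-30T03:42:30Z", "actor": "jdoe-admin", "src_ip": "10.0.9.30", "action": "delete", "object": "ehr/2024-06-27.bak", "result": "denied"}
{"ts": "2024-06-30T04:00:00Z", "actor": "restore-test", "src_ip": "10.0.4.20", "action": "read", "object": "ehr/2024-06-29.bak", "result": "allowed"}
truncated line {"ts": "2024-06-30T04
"""

# Actions an immutable store should refuse while the retention lock is active.
TAMPER_ACTIONS = {"delete", "modify", "encrypt"}

def tamper_attempts(log_text):
    """Return (per-actor summary of denied tamper attempts, unparseable line count)."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                   "src_ips": set(), "objects": set()})
    bad_lines = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            actor, ts, ip, obj = ev["actor"], ev["ts"], ev["src_ip"], ev["object"]
            hit = ev["action"] in TAMPER_ACTIONS and ev["result"] == "denied"
        except (ValueError, KeyError, TypeError):
            bad_lines += 1  # count damaged records instead of silently dropping them
            continue
        if not hit:
            continue
        s = summary[actor]
        s["count"] += 1
        # UTC timestamps in one fixed ISO 8601 format sort correctly as strings.
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
        s["src_ips"].add(ip)
        s["objects"].add(obj)
    return dict(summary), bad_lines

if __name__ == "__main__":
    print(tamper_attempts(SAMPLE_LOG))
```

A non-zero count of unparseable lines is worth reviewing on its own, since gaps or damage in the audit trail weaken both the compliance evidence and the forensic timeline.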
Immutable backups can be the cornerstone of your Disaster Recovery as a Service (DRaaS) and Backup as a Service (BaaS) systems:
When you opt for immutable backups as you deploy DRaaS and BaaS, you add a powerful extra level of security.
Q: How are immutable backups different from traditional offline backups?
A: A traditional offline backup is disconnected from the system that powers your daily workloads. On the other hand, immutable backups can stay online and be air-gapped using logical infrastructure. It’s common for healthcare cloud solutions to use both traditional offline backups and online immutable backups.
Q: Can immutable backups replace all of my cybersecurity tools?
A: No. Immutable backups are an additional line of defense. You should still implement endpoint protection, network monitoring, firewalls, and other tools.
Q: Do immutable backups take longer?
A: No. An immutable backup can be performed just as quickly as a traditional one. Some types of air gapping may add extra time to your restoration process, however, because they may require manually copying files and entering credentials.
Q: Are immutable backups compliant with HIPAA?
A: Yes, they support HIPAA requirements pertaining to data integrity and availability. But remember: you still have to make sure your backups meet other HIPAA standards, such as using the right encryption protocols and access controls.
Q: Can ransomware delete data in an immutable backup?
A: No—not if the backup is properly configured. No one can delete the data in the backup, not even system admins, until the retention time period expires.
Ready to use immutable backups to improve your disaster recovery system? Send our team a message today to learn how RapidScale can help.