VMware is pleased to share the news that Azure VMware Solution, our joint offering with Microsoft that provides VMware infrastructure in Azure Government regions, has received approval to be added the Azure Government FedRAMP High provisional authorization to operate (P-ATO) by the FedRAMP Joint Authorization Board (JAB). VMware and Microsoft announced general availability of Azure VMware Solution in Azure Government earlier this year to accelerate Azure migrations for users that must operate in a cloud environment meeting U.S. Government requirements. This new FedRAMP High P-ATO approval will enable broad adoption by agencies eager to deploy VMware workloads on Azure Government.  

FedRAMP – standardized protection for federal cloud users 

The Federal Risk and Authorization Management Program (FedRAMP) program was created to accelerate cloud adoption by consolidating the many security standards and authorizations imposed on federal agencies into a unified set of baseline requirements. With the addition of Azure VMware Solution to the services included in the Azure Government FedRAMP High P-ATO approval, federal agencies can further speed cloud adoption using fully consistent VMware Cloud infrastructure on bare-metal hosts in Azure Government data centers. 

Federal agencies with IT operations on the VMware platform can migrate their VMware workloads to a FedRAMP High approved cloud – Azure Government – and run them using a native Azure service – Azure VMware Solution – sharing that FedRAMP High approval. Most importantly, those workload migrations take place with no need for slow and expensive replatforming or refactoring because they continue to run on a standard VMware foundation of vSphere, vSAN, and NSX. Equally important, IT team skills and operational processes are transferrable to the Azure VMware Solution environment. Agencies that were stalled in their cloud migration projects by the unexpected costs and delays of those app modifications and re-training will find that Azure VMware Solution is a fast and direct path to Azure Government with regulatory approvals they need already in place. 

Migrate and modernize your workloads using FedRAMP approved native Azure services 

Azure VMware Solution in Azure Government offers more than just a destination for rapid cloud migrations. Azure Government offers over 160 native Azure services sharing its FedRAMP High approval that you can use to enhance and extend your migrated VMware workloads. Services for identity management, storage, databases, security, monitoring, and more are all in close proximity to Azure VMware Solution over high-speed Azure backbone network connections so you can modernize your apps at your pace while meeting requirements for FedRAMP High compliance. 

Azure VMware Solution public sector use cases 

Data center footprint reduction and migration 

Agencies can reduce their on-premises infrastructure footprint with a simple migration of their vSphere-based workloads to Azure Government in a non-disruptive, automated, and scalable fashion. 

Application modernization 

Developers can tap into Azure’s service and partner ecosystem and the VMware Tanzu platform to modernize applications incrementally without having to rewrite them from scratch. 

Data center expansion 

With flexible payment plans, agencies can quickly scale out data center capacity on-demand for seasonal, temporary, or regional needs. 

Cloud desktop virtualization 

Leverage high-performance infrastructure and fast networking for virtual desktop infrastructure (VDI) to burst on-premises VMware Horizon or other virtual desktops to the cloud or protect them against disaster. 

Disaster recovery to the cloud 

Use the VMware stack deployed in Azure Government as a fully consistent on-demand disaster recovery site for on-premises data center infrastructure with VMware or partner solutions. 

Azure VMware Solution offers proven savings 

Cloud spending is a concern of every public sector agency that is under pressure to migrate to the cloud while staying within capped or declining IT budgets. IDC’s recently published “Business Value of Azure VMware Solution” study provides convincing evidence of the savings agencies can expect to obtain, drawn from the experience of actual Azure VMware Solution enterprise users. IDC’s study documents 357% 3-year ROI, 37% lower 3-year cost of operations, and 9 months to payback among the benefits of migrating to Azure VMware Solution from an on-premises VMware infrastructure. As IDC found, “Study participants reported that the solution has provided a cost-effective, efficient, and high-performing platform that allows them to leverage existing investment and expertise in VMware and Microsoft technologies while benefiting from the agility and flexibility of the Microsoft Azure cloud.” 

More accreditations to come 

FedRAMP encompasses a wide range of federal cloud security requirements, but there are others important to government users being pursued by Microsoft and VMware. Microsoft has submitted Azure VMware Solution in Azure Government for Department of Defense (DoD) Impact Level 4 (IL4) and Impact Level 5 (IL5) authorization and expects approval in the first quarter of calendar 2024. Once approved for DoD IL4 and IL5 authorization, Azure VMware Solution will be added to the dozens of native Azure Government services already authorized. Our goal is to make Azure VMware Solution and Azure Government an easy choice for DoD and federal agency cloud migration projects.  

Learn more 

• Microsoft announcement that Azure VMware Solution has been added to the Azure Government FedRAMP High P-ATO  
• Azure VMware Solution in Azure Government Expands Cloud Options for U.S. Agencies – VMware Government blog 

• Azure VMware Solution in Azure Government solution brief 
• VMware Cloud Trust Center 

*DISCLAIMER: This blog may contain hyperlinks to non-VMware websites that are created and maintained by third parties who are solely responsible for the content on such websites. 

Imagine fishing in a remote location in Alaska when a crisis occurs. You’re caught in the middle of a storm, so the chances of someone coming to your rescue are slim to none. Now you are faced with having to find a solution on your own because failure is not an option.  

This mindset of “a hundred reasons to fail, but no excuses” is crucial to surviving our imaginary fishing scenario. It was also the driving force behind the State of Alaska’s rapid cloud migration effort.

The project was funded in July 2022 by Alaska Governor Mike Dunleavy, with the primary objective to reduce the risks associated with on-premise services. All executive branch servers were assessed, and everything that could technically migrate was moved with as minimal impact as possible to the application support teams. 

In the first phase of the migration, the State of Alaska chose to migrate the servers in their Anchorage data centers since that’s where they had the majority of their inventory and where they wouldn’t have to deal with limited bandwidth challenges. During this phase, 65% of servers were migrated or shut down, 7% underwent standard migration, and 15% were pushed to the second phase due to compliance, contractual or technical prerequisites. All servers were migrated on schedule with minimal app disruption and within budget.

Deputy CIO for the State of Alaska, Niel Smith, joined us at VMware Explore Las Vegas to share the story of Alaska’s success and how other states navigating similar cloud migrations can implement lessons learned.

Reeling in success with the captain’s support

According to Niel, the secret ingredient to the state of Alaska’s successful migration was not the technical bits — it was the executive support. 

Every organization wants to take on more projects than their resources allow. That’s why it’s essential to have an effective leader who can determine strategic priority, as lack of executive support is one of the primary reasons for project failures. 

“If somebody says, ‘We don’t have enough resources,’ I will challenge you. If you had nothing else to do and you took all of your people and worked on one thing, like COVID taught us, you have hundreds of resources. It’s a matter of setting priority,” Niel said.

In order to actually achieve the strategic goal, leaders need to allow their teams to say no to other projects so they can stay focused on the biggest priority. In this case, the governor sent a memo to senior state leadership saying that participation was not optional. A second memo followed, stating no more on-premise IT hardware would be purchased in the State of Alaska. That kind of leadership and focus lead to high participation rates. 

Casting away latency concerns 

Something that frequently comes up with migrations is latency concerns. While a valid concern, it shouldn’t be an issue with the right cloud migration approach.

The distance between Anchorage, Alaska, and the Azure server in western California is a whopping 2,400 miles. Despite the distance, they can send data in less than 100 milliseconds from their primary data center to a primary cloud location. Simply put, the data transfers are fast, and the system is working well. 

“Let me tell you, there are people in Alaska who think that we are so big and so remote and so special that we defy the laws of physics and the speed of light,” Niel said. 

Through trial and error, one thing Niel learned is not to put a web server in the cloud and leave the database on-premise. A person sitting on-premise with a workstation accessing the front-end web server is no different than someone sitting on their tablet, browsing a web page that’s hosted halfway around the world. 99% of the time, it’s going to work.

Hook, line, and partner: Avoiding impact together 

Avoiding impact to applications during migration is challenging, but that’s where working with a partner like VMware can help.

The Azure VMware solution allows IT teams to accelerate cloud migration by running VMware infrastructure software as a native Azure service on bare-metal hosts in Azure data centers. It allows users to maintain operational consistency of existing VMware investments while leveraging the scale and performance of Azure. 

For this project, Niel decided to stand up VMware in their Azure data center because of its ability to stretch subnets between locations without breaking sessions. And in an effort to save time, Niel’s team chose their partner before the money was even available to them. This saved them months of delay. 

Navigational insights 

As with any successful project, Niel and his team walked away with several key learnings: 

• Implement a communications plan 
  • Something that surprised Niel was the need for a solid communications plan. It turned out that the hardest part wasn’t the tech, it was getting project buy-in. Niel learned very quickly that having the governor’s mandate did not mean that everybody was going to be onboard with the plan. FUD (Fear, Uncertainty, and Doubt) occurs every time a new project kicks off, and that can stop a project just as fast as a broken circuit. Make sure you are thinking through an appropriate communications plan to get all of your key players and stakeholders onboard, try to ease their concerns, and be ready to answer their anticipated questions. 
• Compliance checklist 
  • Compliance is essential and should never be treated as an afterthought. Trying to figure out the compliance requirements as you go will slow down the migration process. To ensure a speedy migration, create a checklist ahead of time. What do you need to do to be compliant with the IRS? HIPPA? Having a list from the start will keep things running smoothly.
• Immutable backups 
  • An unplanned business continuity benefit of moving to the cloud was the availability of immutable storage backup solutions. Research shows that people come into your network when it’s compromised and are in there approximately six months before your payload gets triggered. So, it’s good to have immutable backup copies for at least six or more months. It may cost more, but it’s going to be worth it for critical public service applications. 
• Customer-managed encryption keys 
  • To meet compliance requirements in cloud facilities, use customer-managed encryption keys to isolate data from the cloud service provider’s infrastructure for more security. These keys encrypt the storage at rest and encrypt the application in transit. So it doesn’t matter where those applications are sitting — if you are in the data center supporting it, to you everything is encrypted. Both the IRS and the FBI are already leaning down that road for customer-managed keys.

Not only does cloud migration modernize technology, but employees learn a lot in the process.  Once you’ve crossed over the hurdle of migrating to the cloud, you’ll have greater visibility into your environment, and future modernization will only become easier down the road. Simply put, the hard work is done. 

Interested in learning more? Watch the full on-demand session recording from VMware Explore Las Vegas here.

This August, we had another fantastic run at VMWare Explore in Las Vegas, our yearly rendezvous for tech aficionados where we dive deep into the multi-cloud universe and examine what new products and exciting upgrades we’ve made to our extensive catalog of top-tier multi-cloud solutions. (If you missed this year’s event, be sure to save the date for VMware Explore Las Vegas 2024.) 

We had the privilege of hearing from customers across the public sector in a series of industry sessions and workshops. Each panelist shared their experiences in harnessing VMware’s capabilities to enhance operational efficiency within their respective domains, ultimately centering around one crucial question: 

How can public sector organizations leverage multi-cloud and AI solutions to drive greater performance and better outcomes?

The State Of IT In Today’s Public Sector

Government organizations aren’t necessarily known for their technical chops. But thanks to a steady increase in public sector innovation, that perception is gradually changing. Today, roughly 95% of public sector IT leaders we surveyed indicated that they’re focused on building a multi-cloud environment, and that figure is showing steady signs of increasing.

Still, digital transformation in the public sector proves sluggish. Among other challenges, organizations in the early stages of cloud adoption and development frequently experience what we like to call cloud chaos: the frenzied, “cloud-first” approach to migration that results in inefficiencies. 

Our panelists underscored their pivot from cloud chaos to cloud smart, a strategic shift towards intelligent workload placement while considering factors like cost and performance, locality, and latency. VMware solutions emerged as key drivers in this pivot, enabling operational efficiencies and lowering costs.

Moreover, each panel guest delivered rich insights into how multi-cloud solutions help public sector clients serve their constituents more impactfully. Here, we’ll explore four key takeaways from the session: the modernization and migration of applications to the cloud, the development of mission-critical applications, lessons learned along the way, and a sneak peek into the future of artificial intelligence within multi-cloud environments.

Migrating & Modernizing Applications

We began our panel discussions with Neil Smith, Deputy Chief Information Officer of the State of Alaska, and Matt Van Syckle, the State of Montana’s Chief Technology Officer. Both explored how they’ve used VMware solutions to migrate applications to a multi-cloud environment while bolstering overall resilience and security. 

In response to the pandemic, the State of Alaska initiated a rapid cloud migration project in July of 2022. The goal was to reduce on-premises risk to critical services. The state had previously attempted cloud migrations with mixed results, but the availability of Azure VMware solutions played a crucial role in streamlining the migration process. As a result, the IT department was able to migrate 65% of its servers in only 10 months. 

The State of Montana was an early adopter of automation and operations solutions, particularly ARIA automation, a unified management solution for VMware cloud and multi-cloud environments. Today, the state leverages VMware Cloud on AWS for disaster recovery and to establish pre-approved locations for workload placement, making it easier to move compute and storage while adhering to compliance standards.

Building Mission-Critical Applications 

Organizations like the Marine Corps and the Department of Corrections make high-stakes decisions every day. They need technology that’s as robust as they are to support their operations. 

That’s what Jeffery Funk, our next panel guest and Program Director for the California Department of Corrections and Rehabilitation, is responsible for building. Leveraging VMware Tanzu, Funk accelerated the development of an unprecedented mobile application for parole operations in four short months. The app’s success led to a statewide rollout, transforming parole operations altogether—especially considering the absence of mobile device management and limited infrastructure at the outset. 

We also heard from Charlie Bahk, the Director of the Marine Corps Software Factory. Initially, the Marine Corps recognized the need to modernize its operations to adapt to the evolving threat landscape, transitioning from conflicts against non-peer adversaries to the challenges posed by more advanced peer adversaries. VMware’s technology and collaboration with industry partners enable the Marine Corps to accelerate software development projects in response. The Marine Corps are actively developing software solutions to address tactical challenges, such as maximizing commercial radar assets for intelligence purposes and improving logistics sustainment through innovative applications like QR code technology for unmanned aerial assets. 

Journey To The Cloud: Lessons Learned 

Our panelists highlighted the importance of cultural buy-in and mandates for adopting multi-cloud technologies in the public sector.

• Clear mandates from leadership can drive cultural change and adoption of new technologies. And while mandates can drive change, it’s essential to balance them with education and support to ensure that individuals and departments understand the reasons behind the changes and how to navigate them effectively.
• Moreover, working in tandem with VMware underscored a key insight: ​there’s no need to reinvent the wheel. Collaborating with organizations or individuals with expertise in the field can significantly accelerate software development efforts, which is what we always strive to accomplish for our customers.
• Finally, success breeds success. Achieving early wins—like the rapid deployment of mobile applications—can change perceptions and lead to increased support for further initiatives. Nobody will argue with results, and demonstrating results early on can aid organizations in receiving collective buy-in from key stakeholders.

Last Words: Public Sector Perspectives on AI 

There’s no doubt that multi-cloud management operations will be enabled by smart new uses of artificial intelligence and machine learning. In fact, it’s already occurring: leveraging novel uses of traditional VM platforms, organizations like the U.S. Navy are creating digital twins to improve the accuracy of ballistic missile targeting systems like Aegis.

The Aegis Combat System, which includes the AN/SPY-1 radar, can track and engage multiple targets simultaneously. Training the virtual system with AI and machine learning has made the physical system remarkably capable of acquiring, tracking, and targeting incoming missiles with greater precision.
This certainly won’t be the last we’ll see of AI in the public sector. The future is here, and we’re proud to help our customers foster innovation for a modern, technology-driven public sector that is prepared to meet the challenges of tomorrow. Get in touch with our experts to learn how we can help your organization pioneer the future of public sector excellence.

Ransomware attacks against healthcare providers continue to threaten care and lives. As I recently wrote in my last post, the healthcare landscape is vulnerable to ransomware due to a host of institutional, regulatory, and technological issues. 

According to a 2022 Sophos global survey of more than 5000 IT professionals, more than two out of three organizations have been the target of ransomware attacks. If and when ransomware attacks take place, healthcare organizations–and their infosec teams–can use planning and preparation to minimize attack risk.

Unfortunately, traditional antivirus and vulnerability assessment tools may not protect organizations because many ransomware attacks are fileless and instead based on lateral LoTL (Living off the Land) approaches. Preventing lateral movement-based infection attacks requires a next-generation antivirus tool that applies Zero Trust Architecture.

Identifying the right next-generation tool that integrates both strong defenses and robust recovery options is crucial. Without it, healthcare organizations are vulnerable to attacks that can threaten lives, cause reputational damage, and disrupt medical care. 

The Danger of Ransomware Attacks

Preventing ransomware attacks isn’t just about preventing financial harm, it’s about saving lives. A report in Health Services Research, which leveraged data from the Department of Health and Human Services and Medicare Compare, found that ransomware attacks typically add an extra 2.7 minutes to response times for heart attacks–leading, in turn, to an additional 36 deaths per 10,000 heart attacks each year. 

Additional challenges also happen during the ransomware attack recovery process. Healthcare organizations that opt to pay ransom payments and rely on their cybersecurity insurance policies to mitigate losses encounter further issues. Sophos’ survey found that 96% of victims either did not get their complete data back after paying ransom or had data leaked to the public. As a result, many insurance companies are either hiking premiums or not renewing cybersecurity insurance policies whatsoever.

Having a streamlined ransomware recovery workflow and an accompanying business continuity process makes the recovery process much quicker. This helps protect patients and minimize fallout from successful attacks.

Minimize risk through Protect and Recovery

As we discussed in my previous post, there are several industry solutions and strategies for combating the Ransomware attack. Strategy and solutions are classified under two key categories: protect and recover.

• Protect

Building a strong defense through ZTNA is key in preventing the minimizing the attack surface. Selecting solutions with built-in security functionality that quickly integrate into the environment is especially important. VMware, for instance, has a strong portfolio of products with intrinsic security built directly into the virtualization layer. With most organizations virtualizing upwards of 80% of their workloads, intrinsic security solutions can streamline the process.

One solution, VMware Carbon Black with Next-Gen Antivirus and Extended Detection and Response (XDR), analyzes attacks and behavior patterns to detect and stop never-before-seen attacks. Another tool, VMware Workspace Security Solutions, prevents and minimizes attacks with conditional and role-based access. It provides a comprehensive approach for total endpoint security with intelligence insights and analysis while allowing users to secure any app on any device.

Implementing East-West security and preventing lateral movement is also extremely helpful in decreasing the risk of successful ransomware attacks. VMware NSX Distributed Firewall is another solution that provides Advance Threat Protection and automates building Zero Trust Architecture policy.

• Recover

With the increasing danger of ransomware attacks, it’s essential that organizations deploy robust ransomware recovery solutions that comply with both cybersecurity insurance audits and security assessments. 

While traditional backup and disaster recovery plans don’t mitigate ransomware risks, they help with recovery. One step that healthcare organizations can take in making recovery easier is building iterative recovery workflows for selecting restore points. Finding the right backup and isolating and cleaning it before putting it back into production can take anything from several hours to several days. Selecting a recovery solution that includes quick identification for restore points and network isolation capabilities speeds up the restore process considerably, decreases downtime, and improves the availability of patient care systems.

Because many organizations are not able to recover their full data even after paying a ransom and still have sensitive data encrypted, they need alternatives. The most comprehensive solutions for robust ransomware recovery solutions assist with pre-breach protection and detection and post-breach recovery. These comprehensive solutions help users minimize breach damage and recover from breaches quickly with minimal effort. 

When deciding on disaster recovery solutions, it is important to carefully analyze and look for the specific capabilities needed during ransomware recovery. VMware VCDR is a solution for restoring both systems and data with reduced upfront cost and minimal time to restore. VCDR has an additional Ransomware Recovery Solution add-on that can help with faster recovery with both a step-by-step workflow and built-in Isolated Recovery Environment (IRE).

Strategies For Healthcare Settings

For healthcare settings in particular, protecting both biomedical and Internet of Medical Things (IoMT) devices has become a challenge. I have written about this previously as the threat landscape is rapidly changing, and there may be dissonance between leadership and security teams.

VMware SASE solutions provide improved clinician and patient experiences with insights, analytics, and built-in security. And, they integrate well with other solutions in building strong segmentation layers around connected devices.

Strong disaster recovery solutions help as well in the ransomware context. While disaster recovery can encompass everything from hardware malfunctions to physical damage to a Data Center or data corruption, ransomware attacks are significant events that not only cripple system access but also potentially lead to reputational damage.

Reputational damage compounds the potential damage from ransomware attacks. This can mean cascading consequences that not only prevent system access and ruin brand reputation but also lead to tremendous financial strain with loss of revenue coupled with punitive damages in addition to risking patient health.

As the saying goes, an ounce of prevention is worth a pound of cure. When it comes to prevention and cures, don’t settle for painkillers–see the specialist. Cybersecurity insurance doesn’t help with prevention or cure and still leads to losses. Building a strong Zero Trust Architecture is the prevention. You can find products with intrinsic security that require minimal integration which helps with prevention. And if you cannot prevent it, then cure it by choosing a comprehensive disaster recovery solution with a Ransomware Recovery Solution.

Cost Savings And ROI

One way to get started testing out the right approach is a pilot lite deployment on the cloud; this will save on hardware costs and allow your team to test different options. This can help minimize security operations center and security team costs in building and maintaining IRE.

Adopting this approach can help reduce cybersecurity insurance premiums as well, leading to additional cost savings. And, quick recovery saves organizations from extended downtime and minimizes revenue loss.

In an era where ransomware attacks have become the norm, healthcare organizations can no longer afford to take passive approaches to cybersecurity. Ensuring a robust ransomware recovery plan is a necessity, and it is one that goes beyond simply relying on cybersecurity insurance. 

Next-generation antivirus tools that apply Zero Trust Architecture can help prevent and minimize attacks while helping healthcare organizations protect their systems, data, and reputation. In the battle against ransomware, being proactive is key. 

Investing in prevention and robust recovery solutions is the best way organizations can safeguard patient health and organizational reputation.

As we increasingly focus on enabling customers to deliver on their key priorities and drive to mission success and less on individual products, it drove our decision to rebrand the vRealize Suite Cloud and the individual products into a unified name. The VMware Aria Suite Cloud^TM for US Public Sector signifies a single, unified cloud management solution that provides customers the promise to remove the noise and confusion generated by today’s highly complex multi-cloud environments and provide harmonious cloud operations. We are excited to announce that we have been recognized as a leader in the The Forrester Wave: Hybrid Cloud Management, Q4 2022. The strengths of our end-to-end solution built to handle the most complex hybrid clouds is one of the reasons for the recognition.

The Aria Suite Cloud as part of VMware Government Services portfolio maintains the FedRAMP JAB High Authorization that is vitally important to government agencies to secure the data on a cloud platform. 

As government agencies are migrating workloads to the cloud, a portion of the workloads will remain on premise creating hybrid environments that need to be managed. The Aria Suite Cloud gives government teams a range of powerful tools to achieve a consistent cloud operating model across these multiple environments. This includes automation, orchestration, advanced analytics and reporting, and a unified interface for managing workloads. The suite of products helps customers avoid siloed cloud operations, reduces training needs, and ultimately saves on cloud costs and complexity. Agencies can leverage the power of Aria Suite Cloud to achieve a consistent cloud operating model and reduce complexity.

The suite includes:

• VMware Aria Automation delivers a modern infrastructure automation platform for both traditional and cloud native workloads, powered by DevOps principles and the Salt Project open source community.
• VMware Aria Operations delivers continuous performance optimization, efficient capacity and cost management, proactive planning, intelligent remediation, and integrated compliance—powered by AI and predictive analytics.
• VMware Aria Operations for Logs delivers centralized log management, deep operational visibility, and intelligent analytics.
• VMware Aria Hub Subscription delivers easy onboarding and management of your SaaS-based subscription usage and consumption.

The graphic below shows the complexity of hybrid cloud management by the numbers.

Explore these additional resources to learn more about VMware’s Aria Suite and our many other capabilities.

• VMware Aria
• VMware Trust Center

In our previous post, we examined the risks posed by ransomware attacks on healthcare organizations and why healthcare is different from other industries.  Because the healthcare ecosystem is so complex–encompassing everything from HIPAA-compliant management of patient records to network integration of life-supporting medical devices–it is a uniquely vulnerable target for ransomware attacks that are potentially lucrative for criminals. These ransomware attacks are especially important to combat, because they potentially threaten public health and risk patient lives. The augmented expenses incurred in safeguarding against these attacks are rationalized by the tangible benefits accrued to patients.

Ransomware attacks can be devastating, and recent attacks show why a solid ransomware strategy is so important. For example, a 2023 attack on a single medical group led to outages at healthcare facilities in several states which shut down emergency rooms and required ambulances to divert to other hospitals. 

Planning to prevent and mitigate ransomware attacks is not just about data protection, but about protecting patients and protecting the public from catastrophic outcomes. The onus is not just on information security professionals but also on every individual in the healthcare domain. It’s imperative that organizations not only adhere to compliance measures but also surpass their obligations by prioritizing security and patient well-being.

In this discussion, we will take a closer look at the strategies employed by industry experts to defend against the growing threat of ransomware attacks and recover from those threats. The focal points of these strategies center around the key themes of people, processes, and technology.

People

• Training and Awareness

One of the most critical steps to protecting against cyberattacks is to educate and train all staff members, vendors, and contractors about the dangers of ransomware. They are the first line of defense and should be well-versed in identifying suspicious emails, links, and attachments. 

As we discussed in our previous post, the healthcare sector, particularly clinical staff, requires heightened user education and outreach to address ransomware risks effectively. Given the landscape of digital health practices, caregivers engage with external patients, rendering them more vulnerable to phishing attacks. It’s important to invest in continuous education through awareness workshops, and training. This approach can aid employees in cultivating a security-conscious mindset and, in turn, make more informed decisions to avoid falling victim to phishing attacks.

• Incident Response Teams

Another important thing organizations can do to prevent ransomware attacks and mitigate damage is to staff and maintain dedicated incident response teams composed of individuals with the expertise to handle security incidents effectively. Establish a Security Operations Center (SOC) and/or Security Incident and Event Management (SIEM) team around the clock. These teams should have well-defined roles and responsibilities and be well-prepared to respond to ransomware attacks swiftly. SOCs may cost over a million dollars a year to staff and operate, but they remain the most useful frontline tool for fighting ransomware attacks.

• Cultural Shift and Employee Engagement

Fostering a culture of cybersecurity awareness and vigilance can encourage employees to report potential threats as soon as they occur. The leadership team should instill a sense of responsibility among all employees by highlighting the sensitive details and the governing regulations around PPI and PHI data to prioritize security in their daily activities and to report any potential security risks promptly. This can help in early threat detection and containment.

• Everyone plays a vital Role

While it’s important for leadership to take charge in cultivating the right culture, preventing and minimizing ransomware attacks should be a team effort across the organization. Vulnerability assessment teams assist in identifying potential weak points in architecture and improving scanning, while infrastructure teams assist with patching remediation and coordinating software updates. Penetration testing teams can identify security weaknesses at the same time that disaster recovery and business continuity teams can make sure servers and systems keep running in case of cyberattacks.

Process

• Patch Management

Proactively and consistently check on the effectiveness of your systems, ensuring that the software is up-to-date, patched, and strong enough to rectify any vulnerabilities that ransomware could exploit. Streamline this process and reduce vulnerabilities through a formal patch management program and have a process in place to handle zero day vulnerabilities. 

• Segmentation

Employ network segmentation to partition the network into isolated sections into application groups or segments that are only communicating to other systems within the segment. This inhibits the proliferation of ransomware across the network by impeding lateral movement. Make sure firewalls are set up between production and QA environments and only allow systems to communicate with systems that need to communicate.

• Need and Role-based Access

Zero Trust Network strategy and principles should be applied. Multi-factor authentication should also be implemented as per industry best practices. Need-based access policy must be adopted—implementing the principle of least privilege restricts users’ access to only the resources necessary for their roles, reducing the potential attack surface.

• Backups and Recovery Plans

Develop and sustain a robust backup strategy encompassing vital data and systems. Protect these backups by storing them offline or within isolated networks to preclude ransomware compromise. Establish a process to regularly test the reliability of backups.

• Incident Response Plan 

Define and build a well-documented incident response plan detailing actions in the event of a ransomware attack. This plan should encompass notification protocols, designated roles, communication procedures, and steps for reinstating systems using backups.

• Vendor Accountability

Medical devices often operate on outdated hardware and software systems, so continuously updating and reviewing cybersecurity protocols and policies is paramount. It’s crucial to actively engage with vendors to ensure the provision of security patches. Implement firewall rules, and segment devices to reduce vulnerability and minimize attack surface. Establish processes with vendors and make them accountable for making sure security updates are in place for the critical systems. These processes are pivotal in empowering people to enhance their efforts in fortifying Ransomware Defense and Recovery practices.

Technology

• Endpoint Security and Device Management

Deploying robust endpoint security solutions including antivirus software, intrusion detection systems, and behavior monitoring tools can help identify and prevent ransomware attacks before they can cause significant damage. While various tools and software solutions are available, it’s crucial to ensure their seamless integration with existing infrastructure and alignment with essential cybersecurity practices and policies. Strive to uphold a balanced approach, steering clear of excessive software proliferation, which could strain resources required for integration, maintenance, and support.

• Email Security and URL Filtering

Deploy robust email security solutions to filter out phishing emails and malicious attachments before they reach user’s inboxes. Use secure mail and encryption for critical email communication to protect and be intercepted by cybercriminals. Incorporating advanced threat protection can effectively detect and halt emails containing ransomware payloads. Apply spam filters that filter unwanted email like bulk and spam messages and allow users to flag and report suspicious mail. Deploy URL filtering tools to ensure users only access safe and secure websites.

• Network Monitoring 

Use network monitoring tools to identify uncommon activities and anomalies that might signal a ransomware attack. Intrusion detection systems and Security Information and Event Management (SIEM) platforms can play a pivotal role in detecting potential threats. Monitor web traffic and inspect potential security risks. 

• Network Segmentation

Implement technology to partition the network into distinct zones, each with restricted communication paths, effectively curbing the lateral movement of attackers. This prevents ransomware from spreading across the entire network.

• Advanced Threat Detection

Implementing advanced threat detection solutions that use machine learning and AI to identify anomalous behavior and patterns can help detect and mitigate ransomware attacks in real time.

• Encryption

Deploy storage solutions that have the capability to encrypt sensitive data both at rest and in transit. Encryption adds an extra layer of protection against unauthorized access, even if attackers manage to infiltrate the network. 

• Multi-Factor Authentication (MFA)

Deploying authentication solutions enforcing MFA for accessing critical systems and applications adds an additional layer of security, making it harder for attackers to gain unauthorized access.

• Protect Backups

A ransomware attack can encrypt backups preventing a recovery. Malicious code can be replicated or backed up which can cause delay in recovery or loss of data. Choose backup solutions that can effectively protect backups by keeping them air-gapped and immutable. 

• Recovery Environment

Organizations should build and actively maintain an isolated recovery environment (IRE), which periodically bridges the air-gap for necessary system updates. This setup can be readily accessed in critical situations to expedite recovery efforts. Deploy recovery solutions that will aid in creating and maintaining an IRE.

• Ransomware-Specific Tools 

Some security solutions are designed to specifically combat ransomware. These tools may include behavior analysis, file recovery mechanisms, and decryption capabilities. These tools also help with minimal Recovery Time Objective (RTO) by providing quicker access to Restore points.

Technology serves as a pivotal pillar in supporting the people and process in the battle against ransomware. VMware VCDR and Ransomware Recovery as a Service is one leading solution that provides comprehensive capabilities to both protect and recover from ransomware attacks. 

Stay tuned for the final blog post in this series where we will delve into the best practices for mitigating ransomware risks.

In recent years, healthcare organizations have dramatically accelerated cloud adoption. According to research conducted by VMware, 89 percent of healthcare IT (HIT) leaders are currently migrating “all suitable applications from data center to cloud.”¹ Global healthcare cloud decision makers cite improvements to security, disaster recovery and business continuity as top reasons for adopting public cloud.²

In its Trends in Organizations’ Hybrid and Multi-cloud Strategies report, ESG noted that 70 percent of businesses admit that their organizations have had one or more cloud projects “fail or be delayed due to a lack of skills.”³ What’s more, 50 percent of HIT leaders think they lack the IT skills on their team to increase their cloud investments.⁴

To bridge the skills gap, healthcare providers need to ensure teams are well-versed and supported in multi-cloud technologies and best practices. While formal cloud certifications remain important, organizations should also invest time and resources into formalizing training programs that develop critical cloud skills such as architecture, AI/ML, DevOps, automation, analytics, and other specialized topics like healthcare-specific regulatory requirements. Organizations should focus on training their existing staff and remain committed to continuous learning and development.

50% of healthcare IT leaders think they lack the IT skills on their team to increase their cloud investments⁴

Of course, training alone isn’t enough. Healthcare providers need to be sure they have the right technologies, tools and processes in place to accelerate innovation and ensure the safety and security of their data. This means having a comprehensive cloud strategy that takes into account app modernization, hybrid and multi-cloud interoperability, multi-cloud operations, compliance, governance, risk management, and future-proofing; as well as investing in vendors and technologies that facilitate simplicity and interoperability between on-premises and hybrid/multi-cloud infrastructures without the need for extra staff. This second part looks something like this:

• Implementing and operating full-stack, extensible software-defined services across on-premises and public cloud environments. This can be done for all compute, storage, networking, security and cloud management right from your data center.
• Deploying a cloud operating model in your data center. Extend the same operating model to all of your public clouds for operational consistency.
• Centralizing monitoring and integrating automation and observability capabilities across your multi-cloud estate to simplify deployment and lifecycle management, and identify and remediate issues in the shortest time possible.

In addition, ensure that all IT leaders across the organization are nurturing a culture of innovation, change and partnership within the business. With ransomware an ever-present threat to healthcare organizations, you also need an efficient networking and security architecture with lateral security controls that can detect anomalous behavior and contain and evict threats.

VMware solutions help healthcare providers do more with the resources you have today:

• Fast, effective, low-risk migrations: Move VMware vSphere^®-based applications to the public cloud without refactoring or reconfiguring.
• Turnkey cloud infrastructure service: Leapfrog to a multi-cloud infrastructure and operating model built to meet the stringent requirements of healthcare applications and systems.
• Use existing tools and infrastructure: Empower and up-skill existing staff using the same tools and technologies they know today.
• Operate one or more public clouds consistently: Stay on VMware-consistent infrastructure regardless of cloud and manage existing applications, modern apps and native cloud services using one console.

Multi-cloud innovation in healthcare is within every provider’s reach. Read our newest eBook for more insights on how to leverage existing VMware infrastructure to extend to public cloud affordably and securely.

¹VMware. “FY24 Enterprise Operational Excellence Study.” N=120 Healthcare technology decision-makers (Q16). 2023.

²Forrester. “The State Of Cloud In Healthcare, 2023.” May 2023.

³Enterprise Strategy Group. “Trends in Organizations’ Hybrid and Multi-cloud Strategies.” December 2022.

⁴VMware. “FY24 Enterprise Operational Excellence Study.” N=120 healthcare technology decision makers (Q16). 2023.

Retail Stores and New Technologies

The evolution of the retail store is happening at an alarming pace. New concepts, customer requirements and regulatory changes are forcing retailers to adopt new technologies in their stores just to keep up with ever-changing attitudes of buyers, as well as the competition. 

VMware Retail Edge allows retailers to transition to a software-defined environment where point-of-sale (POS), loss prevention and other retail front-of-house and back office workloads are shifted to the edge. VMware Retail Edge can work with infrastructure that’s already in place, so the cost of migrating workloads is minimal, which maximizes the ROI.

Many Issues, One Solution

With sometimes 100s if not 1000s of stores, rolling out new business services and keeping them secure and compliant throughout their lifespan used to be an extremely difficult process.  Recent technologies have enabled new opportunities that stretch from loss prevention through to rapid innovation at scale, like customer hyper-personalization. On too many occasions, however, each can be its own silo, with its own business justification and case. This leads to extra complexity and cost.

Retail stores face many hurdles that technology can ease. Here are some of the issues at hand.

• Customer Engagement – There are many ways that a retailer can add value to the customer’s shopping experience―from buy-online-pickup-in-store (BOPIS) through to in-store interactive digital signage. Behind the scenes, retailers need valuable insights to provide hyper-personalized shopping experiences while optimizing store layout and product placement.
• Loss Prevention – According to an NRF report Retail experienced nearly $100 billion in theft and fraud in 2022 alone. Traditional security and camera systems are limited in their capabilities―they are heavily reliant on human interaction and may not provide automated real-time alerts for critical events, such as shoplifting, unauthorized access or incidents, like spillages, that require immediate attention. They often lack advanced analytics capabilities to identify patterns and trends, limiting the retailer’s ability to optimize operations and prevent future negative incidents.
• Point-Of-Sale and Back Office  – Every retailer has customer-facing solutions in the form of POS to transact with customers.  Retailers also have a wide variety of other technologies running in the retail front-of-house, including kiosks, self-checkout, digital signage and more, as well as back office services like Store Manager PCs. Each of these end points consists of a hardware device and an operating system. These devices represent a significant investment in time and resources to maintain. Their lifecycles often are out of step and retailers can incur massive tech debt related to the traditional rip and replace deployment models they have been forced into historically.
• Store Infrastructure and Space – As the retail store continues to evolve, requirements for infrastructure have increased. For most, space often is limited and at a premium. Additionally, IT teams are faced with the challenge of deploying, maintaining and, eventually, replacing systems and applications that are required to run in store. This includes database servers, payment controllers, POS infrastructure, DVRs and more. Where do you put it?

VMware: Solutions for Today’s Retail Store

VMware Retail Edge Solution is built on the VMware Edge Compute Stack and provides the in-store infrastructure foundation that allows retailers to innovate. It leverages the management, security and monitoring tools, as well as the processes, that are already familiar, but at the edge (the store) and it scales! Whether retailers need to run legacy applications or modern ones, they will happily co-exist on VMware Retail Edge, enabling businesses to deploy the much-needed solutions to drive brand sentiment, customer retention and bottom-line margin improvements―all from one platform.

IT teams gain the benefit of working with proven architectures that they have used elsewhere in the business. Since workloads are consolidated, future solutions can be deployed and managed easily. Updates can be scripted and orchestrated using DevOps solutions. And finally, having a “store-in-a-box” approach allows for rapid deployment, as well as the ability to pivot when consumer demands change.

“VMware’s Retail Edge solution transforms the way we can rollout and support our client’s retail stores enabling rapid innovation at scale.  Cognizant and VMware enable our retail clients to rapidly deploy and test new technologies in-store, and at point of sale (POS) to provide a seamless, digital customer experience leveraging generative AI services, while optimizing on costs. We can combine the tools we have relied on for years to manage the data center, and new tools to now support hundreds of stores across any geography without a costly hardware upgrade. This vastly simplifies the support model, but also allows us to rapidly deploy new services and technologies for our clients in stores.” – Scott Headington, Vice President Industry Solutions for Retail at Cognizant.

Ok, But Where Do You Put It?

New software solutions often require a place to run in the store. Traditionally, IT teams would rack up a new server and, in some cases, deploy additional in-store devices to access the service. Many solutions come to market and test well in a small-scale proof of concept, but never get deployed because of large-scale complexity.

VMware Retail Solutions are built with the scale and complexity of retail in mind. VMware is foundational in allowing retailers to be transformational. Retail Edge provides a modern solution for deploying AI workloads, a robust and secure platform for loss prevention, with computer vision-based solutions. This helps to minimize store infrastructure and accelerates digital transformation by enabling the virtualization of retail store infrastructure and end points.

Enabling Loss Prevention

Today, loss prevention efforts are advancing by leaps and bounds by leveraging AI/ML to provide real-time insights and alerts to personnel for faster action. Computer vision is providing the actionable data insights for retailers to become proactive, rather than reactive, in store management. 

As computer vision AI becomes more mainstream for retailers, implementing these solutions continues to be a challenge because of the requirement to deploy new infrastructure. And as mentioned, space and cost continue to create hurdles for retailers that can be hard to overcome.

Computer vision AI can identify suspicious in-store behavior or unusual traffic patterns and alert staff as, or before, an incident occurs. Additionally, cameras enabled with AI can monitor shelves for resupply needs to prevent lost revenue and dissatisfied customers.

With VMware, computer vision leaders, such as Chooch, offer retailers the solutions they need to become more proactive, rather than reactive, in loss prevention, as well as with inventory management and supply chain optimization.

 “VMware Retail Edge is a key part of the future of AI Vision solutions for retail loss prevention and supply chain optimization. It is providing a secure digital foundation for deploying secure AI workloads on the edge, across multiple clouds, which allows retailers to increase revenues, improve profits and spend less time on IT infrastructure costs and operations.” – Anubhav Saxena, President & COO, Chooch.

The Next Step

If you’d like to learn more about how VMware is changing the retail landscape, please head over to: https://www.vmware.com/solutions/industry/retail-it-solutions.html

In recent years, with the increasing use of cloud services and reliance on information and communication technology (ICT) in the industry, financial services regulators have provided extensive Operational Resilience guidance, covering areas such as pandemics, cybersecurity, ICT outsourcing, and ICT third-party risks respectively. Before I describe how VMware offers our financial services customers choice to meet their regulatory compliance demands, how should we understand “Operational Resilience” in the context of the financial services industry?

Let’s explore this through examples from prominent regulatory bodies:

To summarize, Operational Resilience involves a comprehensive approach to ensuring that essential customer services (e.g. customer banking, payments, etc.) can be delivered continuously regardless of disruptions and that financial services organizations can respond and recover effectively to maintain its critical operations and business functions. Key components include the ability to identify and protect against threats, respond and adapt to disruptive events, and recover and learn from incidents to mitigate their impact on critical operations and core business lines.  

Furthermore, here are some examples of how regulators in Europe and North America are strengthening industry regulations around Operational Resilience: 

European Union

The Digital Operational Resilience Act (DORA) by the European Commission introduces extensive regulations for managing Digital Operational Resilience, aiming to mitigate risks related to ICT systems and third-party dependencies. DORA seeks to rationalize the fragmented European financial services regulatory landscape by establishing a comprehensive EU-wide framework with no overlaps or gaps. DORA entered into force in January 2023 and shall apply to all EU member states from 17 January 2025.

DORA puts detailed requirements on FS firms across five pillars:

• Risk management – firms must have a comprehensive and well-documented ICT risk management
• Incident Reporting – firms must report major ICT-related incidents 
• Digital operational resilience testing – firms’ business continuity and disaster recovery plans must deliver high levels of operational resiliency and tested regularly (at least annually)
• ICT third-party risk* – firms must manage ICT third-party risk as part of their overall risk management framework
• Information & intelligence sharing – firms are encouraged to share cyber-threat information to enhance operational resilience of the entire financial system

*Under DORA, “critical” ICT third-party providers now come under the direct supervision of EU financial services regulators.

United Kingdom

The UK’s supervisory authorities (collectively the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA), along with the Bank of England)) initially released its final rules and guidelines in March 2021. Financial Services firms in the UK are expected to adhere to these requirements to ensure operational resilience by a deadline of 31 March 2025.

Key actions include:

• Identifying vital business services that could harm consumers, market integrity, firm viability, or financial system stability if disrupted.
• Setting impact tolerances for maximum allowable service disruption.
• Conducting thorough mapping, testing, and vulnerability assessments.
• Undertake lessons learned exercises to enhance response and recovery capabilities.
• Creating communication plans for service disruptions.
• Preparing self-assessment documentation.

And by 31 March 2025:

• Perform mapping and testing to stay within impact tolerances for crucial business services.
• Make necessary investments for consistent operation within impact tolerances.

North America

In October 2020, an interagency paper titled “Sound Practices to Strengthen Operational Resilience” was released by the United States Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation collectively. This interagency paper consolidates existing regulations, guidance, and common industry standards in one place to provide a comprehensive approach that banks may use to strengthen and maintain their operational resilience.

The sound practices are anchored by robust operational risk and business continuity management, informed by rigorous scenario analyses and testing, consideration of third-party risks, and planning for alternative service providers where necessary.

Additionally, the Canadian Office of the Superintendent of Financial Institutions (OSFI) has also openly discussed issuing more stringent guidance on managing IT operational risks from use and reliance on services from cloud providers and other third-party service providers. 

What impact does this risk & regulatory environment have on our Financial Services customers?

While regulators offer prudent guidance on key risks that should be considered, firms themselves are directly responsible for identifying operational risks and mitigating them through appropriate risk management and resiliency strategies, including those related to cloud service providers. The days when firms could treat compliance as a checkbox exercise and state a critical service has a “backup” are behind us. Firms need to demonstrate through regular testing they can actually sustain their operations, have further remediation plans enacted, and fully developed exit strategies in place (ahead of when you need one).

Relying on new software or a cloud service is not enough, however. For all “critical” and “important” services, firms need to make sure that they have implemented the solution, run it optimally, and can demonstrate to regulators that they have full visibility, control, and contingency in place.  And just as we see a commonality in how the various regulators define terms, financial services firms around the world should expect regulators to continue to talk amongst each other to encourage common prudential guidelines across the world. Much like GDPR, the EU’s DORA is particularly one regulation that we anticipate will have a much wider impact on the financial services industry than just within EU member states.

All things considered, compliance is not such an easy task for banks, insurers, and other financial services firms.  It’s become much more than a checkbox exercise; it’s increasingly feeling like a full-contact sport!

For Financial Services, Multi-Cloud can provide a solution to the Operational Resiliency challenge!

At VMware, we’re seeing many financial services customers: 1) struggling to execute their public cloud strategies, and 2) adapting their operational models to run critical business systems seamlessly across both the data center and the public cloud. Many of their cloud migration projects have either stalled or exceeded their initial timelines.

• Correspondingly a December 2022 report on cloud adoption in Europe by the Association for Financial Markets in Europe highlights regulatory complexity as a major barrier affecting the pace of cloud adoption within the finance industry.
• With an estimated 75% of FSI firms leveraging multiple cloud providers, many financial institutions are embracing a multi-cloud strategy to mitigate operational risk. However, in pursuit of this objective, firms encounter the difficulty of navigating and managing diverse cloud approaches for each CSP, all while ensuring a resilient financial ecosystem.

VMware’s multi-cloud approach for financial services risk/regulate environments combines the use of our VMware SDDC architecture across all clouds (private, public, sovereign, and edge) with our workload migration and DR capabilities. By maintaining a common and consistent architecture, financial institutions can:

• Develop and operate diverse applications delivering an agile and scalable cloud experience across multiple cloud providers and on-premises
• Ensure continuity of operations during planned DR testing or unplanned outages/disasters
• Protect against ransomware and other cyber-threats
• Enable seamless migrations between different clouds should firms need to enact cloud provider contingency plans

However, not all workloads or financial systems can or will be migrated to the public cloud and regulators are no less concerned with how data center environments operate in the event of instability. For those environments, utilizing VMware Cloud Foundation, firms can enjoy the advantages of the same highly available and resilient SDDC architecture on-premises, enabling streamlined operations and efficient utilization of infrastructure in the data center.

Key Takeaway for Financial Services Institutions

VMware offers our financial services customers unequivocal choice in both application platform and infrastructure platform layers enabling them to strike a balance between agility and operational resilience! 

Runecast Partnership

We’re excited to be working with our partner Runecast to address the challenge financial services firms face in gaining visibility into and managing their EU DORA compliance posture in a multi-cloud world enabled by VMware. More to come on our partnership so stay tuned to VMware’s Industry Solutions blog for updates.

Ransomware History and News

The healthcare ecosystem continues to face persistent challenges due to ransomware attacks, affecting providers, payers, and vendors alike. Becker’s Hospital Review reported that the healthcare industry witnessed its first ransomware attack known as the AIDS Trojan, or the PC Cyborg back in 1989. Despite the passage of 28 years, this sector remains a prime target for cyber threats, highlighting the critical need to strengthen cybersecurity measures to protect sensitive data and ensure the security of patient information.

A 2022 Ponemon Institute study of healthcare organizations found that 41% of respondents experienced ransomware attacks over the past two years. These ransomware attacks frequently lead to delays in care, affecting patient lives and substantial financial losses.

According to a SonicWall report, approximately 140.1 million ransomware attacks took place worldwide across industries in the first half of 2023. The problem is severe enough that the White House is considering an outright ban on ransom payments.

The average cost of a data breach reached an all-time high in 2023 of USD 4.45 million as per report by IBM Security on data breach. However, this did not factor in many costs of ongoing legal battles, damage to the brand and future business, increase in cyber insurance premiums and investment in new technology. Considering these additional costs, the actual financial impact of a data breach can be much higher than the initial estimated average cost.

The Effect of Ransomware in Healthcare

Ransomware attacks impact healthcare providers on four fronts: financial impact, patient care and safety, impact to caregivers and damage to the brand and business. They also present a range of dangers, like completely going out of business, ongoing lawsuits, inability to recover the data completely and so on.

2017’s Wannacry ransomware attack took connected medical devices offline at hospitals in the United Kingdom and the United States. In Florida, smart IT work prevented a ransomware attack on Tampa General Hospital. St. Margaret’s Health, a small hospital in Illinois, closed their doors and cited a 2021 ransomware attack that delayed months of claims submissions as a contributing factor.

Why Healthcare?

Healthcare is one of the four most-frequently targeted verticals for ransomware attacks, alongside government, education, and finance. The healthcare sector is uniquely vulnerable to ransomware attacks for a number of reasons. Most importantly, healthcare providers have a large number of weak points due to third party vendors, patient data practices, connected medical devices, supply chain issues and outdated systems or software. 

Criminals also target healthcare providers because they are soft targets. Healthcare providers have a responsibility to keep patients healthy and alive and are more likely to pay ransoms in many circumstances as a result.

The American Hospital Association, a trade group, characterizes ransomware attacks on hospitals as “threat-to-life crimes because they directly threaten a hospital’s ability to provide patient care, which puts patient safety at risk.” 

What makes Healthcare an easy Target for Ransomware

Let us look at some factors that makes Healthcare an easy target for cyber criminals

Legacy Systems

One major problem facing healthcare in particular is overreliance on legacy systems. Many clinical systems and medical device vendors often run on outdated software stacks that don’t always support critical ongoing security updates.

Sensitive patient data held on undersecure legacy systems also presents an attractive target for ransomware criminals. Because patient data frequently includes personally identifying information such as date of birth and addresses that aid criminals in identity theft and credit card fraud, protecting it is a necessity.

Security, Regulation & Ethical Challenges

Healthcare organizations have a strong incentive to safeguard sensitive patient data due to legal obligations and potential consequences. Government regulations, patient privacy laws, and strict penalties create a framework that demands data security. Improperly secured data can lead to various legal complications if a breach occurs, including costly legal battles, damage to reputation, and loss of public trust. Consequently, prioritizing robust data security measures is crucial not only to protect patients but also to avoid potential legal issues and negative impacts on healthcare organizations.

Ransomware attacks on healthcare organizations frequently result in a challenging dilemma. Due to the critical nature of patient outcomes and service delivery, some healthcare organizations opt to pay the ransom demanded by criminals to regain access to their systems. This makes the healthcare sector an appealing target for attackers, knowing that they may get what they demand.

However, this practice creates tensions with government organizations that advocate against paying ransoms. Governments fear that yielding to these demands sets dangerous precedents, encouraging more ransomware attacks in the future.

Furthermore, even when the ransom is paid, there is no guarantee of a full data recovery. Many organizations have faced the grim outcome of not regaining complete control over their data, leading to further complications. In some instances, the attackers have even leaked sensitive data on the internet, exacerbating the damage caused by the initial attack.

Finding a balance between responding to attacks swiftly and responsibly while also avoiding rewarding criminal behavior remains a significant challenge for the healthcare industry.

Technological Challenges

Bad actors employ diverse attack vectors to distribute ransomware, making it imperative for security teams to be proactive in their response. One of the most concerning methods used by criminals involves exploiting zero-day vulnerabilities. These vulnerabilities are previously unknown to the software vendor and, as a result, have no patches or fixes available at the time of the attack. Prompt remediation actions are crucial for security teams to mitigate the impact of such attacks.

Furthermore, security teams must take a comprehensive approach to safeguarding against ransomware. They need to analyze and secure wider attack surfaces, which may include various locations where critical data and workloads are distributed. This can encompass on-premises software, edge networks, data collection centers, cloud-based or Software-as-a-Service (SaaS) solutions, and more.

Slowed or delayed support for remote administration and access can create vulnerabilities that ransomware attackers may exploit to gain unauthorized access to systems. Additionally, fileless attacks can be leveraged by bad actors to move laterally within a network, making it harder for traditional security measures to detect their presence.

Moreover, ransomware attacks can remain undetected for extended periods, posing significant challenges for prevention and mitigation efforts. Sophos reports an average of 11 days before such attacks are discovered, during which time they can silently wreak havoc on a system, exfiltrate data, or escalate their impact.

Resource & Education Gaps

The healthcare industry, particularly clinical clients, requires enhanced user education and outreach to address ransomware risks effectively. Organizations must gain a comprehensive understanding of how technology can aid in protecting and recovering from ransomware attacks, rather than relying solely on traditional backup restore methods. 

However, the shortage of qualified cybersecurity analysts and engineers poses a significant challenge, making it difficult for many organizations to build robust teams despite available funding. Furthermore, cyber attackers continuously develop more sophisticated techniques, necessitating constant adaptation from cybersecurity teams. 

The high cost of maintaining Security Operations Centers further exacerbates resource constraints for many healthcare entities. To tackle these issues, a holistic approach is needed, encompassing improved user training, targeted hiring efforts, and exploring cost-effective alternatives for SOC services. 

Infrastructure Challenges

The absence of standardized infrastructure across the healthcare ecosystem presents an additional hurdle for security experts. Establishing and managing Air-gap Environments and immutable backups is a daunting task, both financially and technically. Since there are no universal solutions for protecting against ransomware attacks, security teams must tailor and optimize their approaches, often integrating multiple solutions. 

Furthermore, interoperability demands at many organizations necessitate API and other integrations, which can increase the risk of ransomware attacks by exposing systems to potential vulnerabilities. This lack of standardization and the need for customized solutions create complex challenges that healthcare organizations must address to effectively protect their systems and data from ransomware threats.

Cost Challenges

Providers and vendors in the healthcare ecosystem encounter numerous cost challenges that can complicate ransomware defense efforts. While not specific to healthcare, these financial constraints impact the implementation of robust cybersecurity measures. Cybersecurity tools and software, in particular, can be costly to procure and implement. Additionally, the complexity involved in integrating and managing these tools further adds to the financial burden. 

Insurance-related challenges add to the complexity of ransomware defense in the healthcare industry. Cybersecurity insurance premiums that include coverage for ransomware incidents can be prohibitively expensive, especially for high-risk organizations. In some cases, insurers are even refusing to provide coverage to organizations deemed to have significant vulnerability to ransomware attacks, further exacerbating the issue.

Comprehensive ransomware defense audits, which encompass penetration testing and recovery drills, are crucial spending areas to assess and strengthen an organization’s resilience against ransomware threats. However, these audits can be costly. 

While they provide strong defenses, some organizations are also hesitant to implement widespread encryption and firewall systems as those can cause slowness and decrease performance which can affect the bottomline. Managing encryption keys and configuring firewall rules can be complex and time-consuming tasks, requiring specialized expertise and resources. Some organizations may be reluctant to invest in the necessary infrastructure and personnel to implement and maintain these security measures.

Finally, maintaining a comprehensive and effective security operations center (SOC) requires a dedicated team of skilled professionals who can monitor, detect, and respond to security incidents around the clock. The cost of hiring and retaining such cybersecurity experts can be significant, especially in the face of a cybersecurity talent shortage.

While they are expensive, all of these defenses and strategies can prevent the significant damage to patient outcomes, organizational finances, and public reputation that many ransomware attacks result in.

What’s Next?

Now that we understand the challenges of Ransomware in Healthcare, in our next two posts, we will focus on the industry’s response to protect against these threats. We will briefly explore the diverse range of solutions available to tackle the healthcare ransomware challenge and shed light on effective strategies for mitigating the risk and facilitating recovery in case of an attack. Stay tuned for parts 2 and 3 of this series for more valuable insights on safeguarding healthcare systems and patient data in the face of this persistent cyber threat.