Guest: Andrew Tucker
Presenter: Wayne Bucklar
Guest Bio: Andrew Tucker is the CEO of ITonCloud. ITonCloud is built to provide leading-edge and proven technologies for its customers. The staff and management have a long history of delivering managed services and IT systems integration projects. He is an entrepreneur with 25 years of building successful annuity-based IT Professional Services Businesses. His business building specialities range from building businesses from the ground up to sales and business strategy. Andrew has started, run and sold a number of successful businesses. These businesses range from 80 to 2000 staff with turnovers of $10 million to $400 million.
Segment Overview: In today’s interview, Andrew Tucker returns to the program to discuss ransomware. He provides advice on how healthcare providers can better protect their operations from ransomware. Healthcare providers are an attractive target for ransomware attacks because of the critical data they carry and their reliance on up-to-date information for patient records.
Wayne Bucklar: You’re listening to Health Professional Radio. My name is Wayne Bucklar and today we’re joined by Andrew Tucker. Now Andrew has actually been with us before on the air, he’s the Chief Executive Officer of ITonCloud. And today, we’re going to talk about ransomware. Now it sounds like something that comes out of a movie on the Hollywood but let’s find out. Andrew, welcome to the show.
Andrew: Thank you Wayne. Great to be back on the show.
W: Now I think a lot of people would have heard of ‘Ransomware’ but at the same time a lot of people don’t understand what it is. Can you explain it for us?
A: Sure. It’s fundamentally a bit of software that underlies a link that is emailed to you. Now what happens is you get an email that looks very authentic and it says ‘please click here to either get your updated statement’ or there’s something from the post office and you happily click on that little link. And what it does is that the minute you do that, it downloads a little virus/application onto your machine and then it starts to encrypt all your data on your machine or on your servers at office to a point where it actually locks everything up and you get a little message on your screen saying ‘Please contact this number and send this money to get your data back.’ Unfortunately, that’s not always the case though so one needs to take a bit more precaution about how not to be caught in that trap.
W: Now for most ordinary businesses, that’s going to be pretty catastrophic but in the health sector, that’s going to be cataclysmic. So two questions for you, how do you avoid it and how do you fix it?
A: Yes, I know because it often becomes a breach of privacy as well so in the health sector, there are a number of ways and one starts off with user education so really to become smart. Understanding what to look for when you get emails and especially in accounting departments as well because that’s where they sort of target to say ‘please click on your statement or get your invoice’ and you think it’s authentic because it comes from your utility bill. Always look at the email address. So generally, if it’s anything with a link that comes in to you to ‘please click this to get something’ – that should be your first trigger of a warning saying, ‘Okay well let me have a look at the email.’ So right click on the email, that’s from the sender and generally, you’ll get to see that it normally is a garbage email address that’s up there so it has nothing to do with the sender, so it doesn’t have their domain. Now also be careful because now they’re getting a little bit smarter because they also look at the fact that they will then slightly change spelling in the domain. So at first glance, it looks authentic. So make sure the spelling is correct in the domain. So that’s the one thing there to start off with and generally speaking you can sort of inhibit that initial encryption by just doing that. The second thing is to make sure that you’re running backups. Now with the health industry obviously, you don’t want and you can’t run backups that are just every day. You should be running things called ‘Snapshots’, so that it’s taking every hour, every half an hour depending on the criticality of your data because you as a business need to look at it and say ‘Well how much data can I lose to continue to be able to do my business’ and what I mean by that is if it strikes at 9:00 and your last backup was done at say 8:50, then you’ve just lost 10 minutes worth of data. So again, that becomes a strategy around the business and how you do your backups.
And please, check your backups that they are working because one tends to run these backups over and over again without doing a fire test. A fire test means that you need to decide on when you’re going to do a restore test to make sure that the data is always retrievable. And I’ll explain why that’s important in a moment. The next thing is also to ensure that your antivirus software and your spam filters are up-to-date and continuously being maintained. And look, spamware is quite tricky because generally speaking it’s an email with a click-through to download the actual virus which means the antivirus software itself is sort of tricked. But there are better software applications coming out, specifically created for this type of intrusion into your system. So these are the sort of three things one needs to maintain in your environment. Now, you can either do that on premise if you’re in the hosting provider or a cloud provider, they generally do supply that but make sure if you’ve got an infrastructure as a service offering, generally that responsibility relies on you. And if you’ve also got for example OneDrive or any of those storage facilities, again the responsibility relies on you to maintain your local antivirus because they don’t offer that. Whereas a full hosted environment, a private cloud, they will manage everything for you.
W: Now Andrew, doctors and nurses and clinicians generally are probably not renowned for being very good with computer systems. Is this a sort of problem that affects big organizations and hospitals as well as general practitioners and your local dentist?
A: Look again, it all depends on who the ransomware company/person is. So some of them want to be recognized for something big and exciting so they will target something large. But generally speaking it’s just someone that wants to raise some cash quickly and send it out as a spam to as many people as possible. So unfortunately, it has no specific target, it looks for any of the users that they can get that information out of. And they know that if they hit the health industry, one has to respond and get that data back so they do know that that target is a soft target and quite a popular target in that saying.
W: And even in the days of credit card theft and identity theft, hospitals and health providers make such a great target to hack because they have all of the data about people from their date of birth to who their parents were to what they did and who their spouses were and all those questions if you’re after security, all that’s included in your medical records.
A: It is and especially next-of-kin and their details as you write is because obviously, if there’s an emergency that’s what they tap on. So they do, they get more bang for their buck on the medical fraternity.
W: And have there been some real attacks in recent times?
A: They have been and I think the most public one has been really around the Queensland Hospitals and even the UK National Health Service. So there’s been a few of them, I do know of some more local ones but at the moment they’re not wanting to be named publicly as for obvious reasons because of breaches. But yes, there have been some very big public ones that have been attacked and the damage is quite severe in a sense. So not nice and something one can, in a way, prevent.
W: Now in the interest of full disclosure Andrew, we should say that ITonCloud, your business provides hosted environments. Why is a hosted environment a better option?
A: Well as you mentioned earlier on, generally speaking practitioners or the hospitals, they are about providing care to their clients and where IT is not their first in mind thing, they need to make sure that they can hand it over to someone that actually has the expertise and the knowledge in delivering these sort of protections. In our environment because we do that as I spoke of earlier snapshotting. We have had some attacks where some of our clients have clicked on the links. We shut it down, we get an alert almost immediately that this is happening, it gets shut down and we do restore. So a maximum downtime for that specific user would be roundabout between 5 and 20 minutes. So that’s sort of the timeline that’s in there but we are spending a lot of cash around methods of protecting it, new technology that’s protecting it, and again the way that we do our backup and restore regime as well are truly tested and tried.
W: Now if you’ve got your IT solutions in the cloud, is one customer isolated from another or does an infection spread because you’re on the cloud and sharing resources on the cloud with other businesses, does the infection spread through that provider or are they isolated from each other?
A: It’s a great question and quite often asked. So again, it depends on the provider on how they do the setup. So a well-established and well-funded provider will certainly have everything isolated. So would it happen with the transports? No, it wouldn’t. But if it hasn’t been designed correctly from day one, then you will have affected at all and cross pollinate into all others because there will be opening some gate backdoors and all those good things that these scrupulous people look to do. So you’ve got to be wise on your choice and how you go about actually doing that.
W: Andrew, it’s been a pleasure having a chat with you today and I have no doubt that some of our listeners will be thinking ‘My goodness, I don’t know how well-protected I am against ransomware and I don’t know if we’ve got the procedures in place to deal with it if it ever happens.’ For those people, how can they get in touch with you?
A: So we are available on informations on the web under itoncloud.com. Alternatively, I’m always happy to have a chat with them on the phone and my mobile number is available, it’s (04) 1081 4921. Happy to chat about it and even point them in the direction because our solution might not suit everybody and I’m more than happy to point them in the right direction.
W: Andrew, thank you for your time today. It’s been a pleasure having a chat with you again.
A: Welcome and all those that are out there.
W: Thank you. If you’ve missed my conversation with Andrew Tucker, the good news is on our website at www.hpr.fm, you can access a transcript of the call, you can also access the audio archive on SoundCloud, iTunes and YouTube where you can have the whole interview again. My name is Wayne Bucklar, you’re listening to Health Professional Radio.