Video: Stop Ransomware from Shutting Down Patient Care: PACS Protection That Actually Works | Duration: 1936s | Summary: Stop Ransomware from Shutting Down Patient Care: PACS Protection That Actually Works | Chapters: Welcome and Introduction (1.38s), Protecting PACS Data (62.035s), Healthcare Cybersecurity Challenges (168.5s), PAC Systems Risks (328.78s), Modern Cyber Resilience (403.025s), Rubrik's Healthcare Solutions (718.575s), Rubrik Platform Overview (811.92s), Rubrik Demo Conclusion (1253.965s)
Transcript for "Stop Ransomware from Shutting Down Patient Care: PACS Protection That Actually Works": then kick it to you, Matt. Sounds good. Okay. Looks like we're live. Welcome, everybody. Happy Tuesday. Good morning, good afternoon, or good evening, wherever you're joining us from. So excited for the content we have lined up for you today. We are live, which is awesome. That means we have two speakers who can answer your questions via the chat. That's a big part of today. I'll save the fun stuff for Matt and Alpika to jump in, but definitely an interactive session. So please drop any questions that you have. I think it's gonna be on your right-hand side, and we'll do our best to answer those as the session goes on for the next twenty, thirty minutes. But really excited to just go ahead and dive in. I think we have a pretty good audience already. So exciting. So, Matt, I'll just kick it to you to jump in, and then we'll wrap it up. And excited for the content today. So over to you, Matt.
Great. Thanks, Hannah. Appreciate it, and thank you everybody for joining here today. We're gonna talk about how we can help protect your PACS data. We know PACS data is at risk. We know that health care is obviously a primary industry sector for threat adversaries to go and infiltrate. So we wanna help you develop strategies on how best to protect critical data within the health care enterprise, and that's really what we're gonna be touching on today. This is our agenda. I'll just start by introducing myself real quick, and I'll introduce my colleague, Alpika, as well. I'm Matt Castriada. I'm our field CTO for our cloud and unstructured go-to-market here at Rubrik. And I'm joined by Alpika, our senior technical marketing manager, who is gonna walk us through a demo at the end of this session.
We're gonna take about fifteen or twenty minutes upfront just to set the stage, the problem statements that we're seeing in health care, and some of the ways that Rubrik can help. This is how we're gonna walk through it, essentially, laying out the problem statement and the impact of those threats on health care organizations, some of the limitations of how folks are trying to tackle this problem today, and then ultimately the need for a new solution and really how Rubrik can help. And then, again, we're gonna wrap with the demo. Alpika's gonna take us through that. And if you have any questions as you go through, feel free to put them in the Q&A. Alpika will answer while I'm on stage. And then, when I hand the baton over to Alpika, I will answer the questions that you might have. So, again, happy to answer any questions here or reach out to us after this event as well. That works too. In terms of just the landscape, is a primary industry sector that is under attack, and this is because healthcare is critical infrastructure, right, both payer and provider. We have seen a number of instances of healthcare organizations being infiltrated, having to have degraded or little to no service due to being hit by a cyber attack. And these attacks are real. They have real implications, significant implications, not only on patient care, right? We know that, on average, patient care is directly impacted by attacks, somewhere in the range of 30% of an increase in medical errors when electronic health record systems are offline. But we also know that these attacks can be costly, costly from an outage perspective.
It could take up to two to three weeks to return to typical patient care levels that you would see prior to being impacted, plus the impact from a cost perspective, that there is a very, very large financial impact of a cyber attack for health care payers and providers, and that it can be in the tens or hundreds of millions of dollars. Many of those impacts typically are not felt until six to nine months out from the attack, because that's usually the cost of the attack from a data breach perspective, which can be significant given the sensitivity of the data that health care organizations hold. So again, attacks are real. We know the impact is significant, and we know that there's a lot of business-critical information sitting in the entirety of your data estate, not just the entirety, but also your unstructured data estate as well. We're gonna focus specifically in on the unstructured data problem because that's a volume and velocity problem that we're gonna talk through. But this is really where, you know, unstructured data could be used within a health care enterprise, things like research and patient monitoring, obviously, PACS, which we're gonna drill into today, and then talking about other, you know, other uses for unstructured data within an organization. And typically within a healthcare organization, that could be anywhere between 90% to 95% of the data estate. And the risks of having your PACS systems down are significant. It threatens patient care, right? 67% of healthcare orgs faced a ransomware attack in 2024. And if their PACS data is impacted, you know, radiologists can't operate. Surgeries get delayed without the imaging that they need in order to perform, you know, accurate surgery, obviously. Emergency rooms and departments have to divert patients because waits tend to creep up.
And then there's the dilemma of what to recover. What was impacted? You know, was it the entirety of the estate? Was it just my PACS information? That problem can take sometimes days or weeks to try to figure out and can eventually lead to an operational collapse. We've seen this at a couple of health care organizations, and obviously, it's significant because patient care is at risk. So traditional data protection is not going to meet the need for cyber resilience today. And we're gonna explain why because, essentially, what happens is this is where folks end up taking a continuity strategy to a resiliency problem, particularly when you're talking about very large, unstructured data estates. NDMP is a backup technology, but it was created in the mid-nineties. It is not gonna meet the need for the Internet age today, petabyte scale. It's just not gonna scale to that. It was not intended to scale to that volume. And the other option is essentially to use array-based techniques to protect data. And as I mentioned, this is more of a continuity strategy than it is a resiliency strategy. Snapshots are essentially stored under the same credentials and code as production. And when you go and protect your primary NAS, if that were impacted by a cyber attacker, if you're replicating that data, those replicates are also gonna get impacted. And therefore, the data that you might have archived is also going to be in question. Right? So really understanding what data was hit when you're impacted, what data do you need to recover first, so what's critical to the minimum viable hospital in the case of a provider, or a minimum viable company in the case of a payer. Can you recover to another platform? And what would that process look like in a large-scale cyber attack? These are all questions that, ultimately, our customers need to ask themselves and questions that Rubrik can help answer. I'm gonna walk through this here.
So the question is, is there really a requirement for a secondary or, in the case of a replicated scenario, a tertiary copy that's air gapped? And just a statistic that we have from our own research tells us that most organizations, 66%, believe that the growth of their data has already outpaced their ability to secure it and manage that risk. So I would argue that the answer to that question is yes. You do need a copy that is gonna survive, a survivable copy of data that you can recover from. And legacy backup tools aren't necessarily gonna help you because they can't meet the scale today. They're not intended to handle petabytes of data. And if you were to go and restore, do a mass recovery from something like tape, that is gonna take, you know, could take a really long time and be a very complex recovery. In the case of array-based techniques like snapshots or like replication, unstructured data exists beyond that central platform. Right? There are other platforms within your organization that comprise your data estate and that those snapshots that are stored under the same credential or code as production tend to be that single point of failure. And maintaining the stale data on very high performance disk can be cost ineffective. And those snapshots, again, may be made immutable, but the immutability is a configuration. It's not immutability or secure by design. So again, as we mentioned, they're taking that sort of snap and replicate approach, which is a very typical approach to large scale unstructured data, means that you're staying within the vendor's profile, you're staying within the same identity domain, essentially, within the snap and replicate architecture, and that those snapshots exist in the same code, in the same security architecture as production with limited options for immutability. As I mentioned, immutability is secure by configuration in that design rather than secure by design.
And anything that's secure by configuration can be unconfigured by somebody that has malicious intent. Legacy backup software is not gonna meet the need. It's not gonna keep pace with the scale and the volume of unstructured data. And, you know, it's an inflexible architecture in general when you're talking about snapshots. It creates inflexibility on the hardware side in terms of how much disk you actually need to maintain those snapshots, particularly if you're maintaining those snapshots for regulatory reasons, meaning for years or multiples of years. It just creates a lot of inflexibility in storage bloat, and there's very little opportunity to scale down or really take advantage of the economics of cloud storage. And that's really where, you know, Rubrik can sort of help with that problem statement. So as I mentioned, you know, the minimum viable hospital, if you're a provider, what do you need? What applications are most critical to maintain continuity in the case of a cyber attack? And any of these applications can be in play. We're talking specifically about PACS, but Rubrik can help across this continuum. We have a number of providers that use Rubrik to protect many of these systems. And we can really sit with you to understand what comprises the minimum viable hospital for your organization and how we can help you maintain patient continuity if you're ever impacted by an event. And we've done this for the University of California, San Francisco. UCSF Health is a great customer of ours, has achieved 1.3 million in savings over five years with Rubrik, you know, at 34% savings, essentially from the legacy, and then add additional security with our ransomware investigation and other techniques that Alpika will kinda step you through some of that functionality.
And I think the most important one is just the time savings that with our integrations, the ability to be able to save much time because we know that teams are stressed for time and resources. So let's talk a little bit about how Rubrik can help here. We can't talk about Rubrik without talking about the entirety of the platform. Right? All the data sources on the left here are data that you could be protecting. We are centered in on unstructured data, which is a protection pillar for Rubrik, a very specific protection pillar, and I'll explain to you why. But we have five pillars. The first is our data center or enterprise pillar. Those would be all workloads born in the data center. We have our cloud pillar, which I oversee today, which are all workloads that could be born in lift and shift services in the cloud or could be born in cloud native services. We have SaaS, obviously, and a lot of SaaS in use today, particularly Microsoft 365 and other very large SaaS providers. We have a new business unit that's really a growing business unit for Rubrik is around identity and how to bring your identity systems back. Because, again, without your identity systems, nothing is available. Nothing behind your authentication is available if you can't get authentication and authorization done. So that's really why we focus on identity as a key protection pillar for Rubrik. And the last one we're gonna talk to specifically about is unstructured data. Again, the reason we have this spelled out is Rubrik has figured out a way to optimize the physics of moving very large scale unstructured data to a secure repository. Now, when you layer on left-of-boom capabilities around understanding the type of data you have and who has access, that can really limit your risk prior to being impacted.
But we also have a really wide array of right-of-boom capabilities, things that you may do after the event has occurred, things like understanding the blast radius of the attack or understanding what threats might be latent in the dataset. In other words, was there malware that lived in the dataset for a long period of time before it detonated? Those are all things that you have to do in order to recover clean, to ensure that you're recovering a clean copy back of your dataset. And then on the recovery side, the speed to recovery is really what this is all about. Not only being able to simulate a cyber recovery in an isolated recovery environment, but also being able to drive recovery through APIs, and through our API-first platform is really the ability to actually drive a mass scale recovery at scale. Now on the right here, you'll see all of the perimeter companies that we integrate with, and you probably have some of these in your organization. These folks are really focused on keeping the bad guys out or keeping the damage that the bad guys can do very limited in scope. And a lot of these organizations are really ineffective without the data context, and that's where Rubrik comes in. We can feed a lot of the data context to someone like Palo Alto or CrowdStrike so they can take action at the perimeter. So we have integrations that are built with all these organizations, even with Zscaler, so that they can understand the type of data you have so they can build DLP policies around it. All of this is really critical to make those tools more effective because, again, they lack the data context. They just have the context of what's happening out in the perimeter. And, yes, primarily, you should wanna keep the bad guys out, but we have to live in this world of assumed breach that at some point the bad guys are gonna get through.
And specific to health care, it's really all about taking that large scale unstructured data, whether that's born in a PACS system or whether that's a WebBlob repository for your Epic systems, and moving that through a stateless VM to a secure, credential-isolated account. And that credential-isolated account could live in Rubrik Cloud Vault. It could be a managed storage service provided by Rubrik, or it could be your own cloud estate, if you have a cloud estate today, or maybe something on prem, maybe on-prem NFS or object as a target. The point is having an immutable and credential-isolated copy of your data that is survivable. Snap and replicate does not guarantee survivable copies. Rubrik is gonna guarantee that by moving it to a secure location, again, as a secondary or tertiary copy. Again, doing that at the volume that meets the need today, that's petabyte scale volume, doing it at wire speed. So if you have a 100 gig out to your cloud provider, we can saturate that 100 gig to get that unstructured data out there, and secure and recoverable very quickly. And then ensuring, again, that you have a survivable copy to go back to. Attackers can go in and compromise and destroy NAS data and configurations. We've seen it. So having the ability to be able to have a survivable copy and adhering to best practices around your electronic medical record systems, for example, in order to achieve those higher tiers of, you know, certification within Epic. It requires you to take due care of the unstructured data, to not just have it replicated, but to have an immutable and air gapped or credential-isolated copy of that data that's recoverable. And, again, as I mentioned, doing all that through a stateless data mover technology that essentially can move the data at wire speed to any of these targets of choice. So, just a recap of some of these capabilities. Right? You may need to understand the type of data you have.
We know that health care stores mostly sensitive information, so I don't think that we're too worried about is the data sensitive. Yes. It is sensitive. But you may not need it all on, you know, expensive storage. You may want to archive that data. So understanding the type of data you have and when it was last accessed is gonna help you with that. Or maybe you wanna migrate to a new NAS platform, and we have the ability to do that as well because we are vendor neutral. Ultimately, this data mover technology is just moving files around. It doesn't matter where those files came from, and it doesn't matter really where those files are going to. If it speaks NFS or it speaks SMB, we can move that data around, or even any of the object protocols like S3 or blob. We can move that data around as well. And again, it's purpose built for large scale, unstructured data protection. We can scan billions of objects, 50,000,000,000 objects, 50,000,000,000 files in fourteen days, you know, moving 700 terabytes over a period of fourteen days really with no hardware. Again, this stateless data mover is in a VM construct, and it could be scaled up or down as needed. So Alpika is gonna show you some of those capabilities here in the demo, and I'll hand things off to her.
Thank you so much, Matt. Let me quickly share my screen. Okay. Okay. In the essence of time, I'm gonna run a little fast, so I can cover most of the topics which I was talking about. So first off, you do need a Rubrik Security Cloud account. And once you become our customers or you're trying it out, you will get access to Rubrik Security Cloud. This is our centralized platform for managing, essentially, any backup, recovery, or the other security operators features we have. You can manage everything from this platform, whether it's unprotected data, SaaS, a lot of the workloads which Matt touched on, M365, Active Directory, other databases, etcetera, too.
You can centrally manage from here. Now to get to your unstructured data, we will go ahead and head to the systems tab. Now this is where you can add your system. So what Matt touched upon is that we are vendor agnostic. Right? Wherever you're storing the data, it could be cloud. It could be, you know, your GE system. It could be anything. Just simply go ahead, click on new system, select one of the many options to onboard. If your vendor is not listed here, we have some API integrations. If you don't have Azure files, if you just want to use generic SMB or S3, you can do that. Just choose that option or generic NFS. Add in your IP addresses, credentials, and you're good to go. Once that is completed, what Rubrik will do is that it will go ahead and scan all these shares which you have on your unstructured data system. Like you can see here for your NetApp cluster, we have discovered all of these shares. The next part will be to assign a backup policy so Rubrik can manage all the backups and even the entire data life cycle. Whenever data needs to be deleted at the end of the life cycle, Rubrik will automatically do that. So for that, just have two policies. There are two types of policies, backup or archive. So let's click on backup. You can essentially select how often you want your backups to happen, and where it needs to be stored. So it could be cloud, Rubrik Cloud Vault, your own storage account, or could be on-prem object or another NFS system. Right? Define how often you want to, sorry, not how often, but how long you want to retain your backup. Now health care has a lot of compliance as well. So depending on how long you want to keep the data for, since it's all sensitive and patient data, just add the value. And in fact, you can have two types of backup. One could be on a daily basis.
One could be more for compliance reasons, more like a monthly copy which you want to archive or if you want to just keep it forever. Right? So just create the policy depending on the need, and you can either assign it at the entire system level, or you can do it at the share level as well. So just click on the share or the system. And under protection, you can select which backup policy you want to assign. And as soon as the backup policy is assigned, Rubrik will automate the entire backup process for you. One very cool feature which Matt talked about is the data discover aspect where, you know, not all the data, yes, all the data is sensitive, but you may not need to keep it on expensive storage. Data discover is very handy for that. It gives you a temperature check on all the data you have. You know, you can, of course, modify the duration depending on your organization's need. But by default, we tell you, like, what data is modified in the last thirty days, 30 to 180, and so on. Right? So if you look at the dark blue data, which is not being modified in over a year and it's still 250 gig of data sitting on expensive storage, you can choose to archive it. Right? Because like, of course, do some analysis from your side. If you don't need this data, go to the directory and you can simply choose to archive from here. Now Rubrik will archive the data, but you have to delete the data from your NAS storage. I'll quickly touch upon the data recovery aspect. You can search for a file. You can search for a folder. You can essentially recover a file, a directory, or the entire share. Depending on what your needs are, you can do that as well. I'm not going to spend too much time on it, because I want to switch to talking about the data or cyber resilience features. Right? So once we back up your data, we do a lot of analysis. We start looking for anomalies. What are anomalies?
We are looking for sudden encryption events, deletion events, and, you know, type of files that's actually nonexistent in your environment. And we keep comparing this from your previous snapshot. So we have a baseline as to what your infrastructure looks like. What we are looking for are, like, sudden changes. Like, even if it's subtle, we track that over time, and we give you guidance as to maybe there is something going on. If there is a ransomware note found or if there is encryption events out of the blue, we do notify you about that situation, and that is typically under anomalies. A lot of other features like threat hunting, threat monitoring are also coming soon, so I'm not gonna touch on that. But to get a sense of blast radius, Rubrik will tell you where, when the anomalies first started, like here. If there is a LockBit anomaly or how many files are suspicious, we can tell you all about it. You can get into the share and essentially get information on what kind of anomalies, when it started, what is, you know, which is a baseline snapshot, which is free from those anomalies. So you can essentially try to recover from a clean copy and make sure it's not reinfecting your production environment also. I do want to show you one cool thing is that, okay, I do need to cover one more thing, but yes. So, like, you can see here is, like, Rubrik automatically identifies the anomalous snapshot and the base snapshot. So, you know, a lot of times, customers, it can take them weeks or months to identify a clean snapshot, because they will have to guess when the attack was started and all of that. But Rubrik automates that process and gives you a good idea as to where your clean base snapshot is so, you know, you can do some testing and make sure it's in fact clean and then do the recovery from there. Another cool feature is the data classification engine. So let's head to data security posture.
What Rubrik has done is that it has a predefined set of policies and data types to look for specific type of sensitive data. I'm just gonna touch upon the medical, because it's relevant to the webinar. So you can see, like, there is health insurance claim number and other things. So after every backup, Rubrik will scan your backup and identify where this data is and if they are protected or not. You can figure out, you know, where your sensitive data is, which system, if it's in cloud, however it's spread out throughout your infrastructure, Rubrik will let you know. Like, for example, here, one of the shares has a main file share folder, which has all of your sensitive data, but there are multiple restore folders that also have your sensitive data. Now this may not be ideal. Once the recovery is complete, somebody might have forgotten to delete that folder. Right? But it still has your sensitive data, and it may not be protected or access controlled in the best way. So you can go ahead and protect that sensitive data as well. So it gives you the lay of the land and make sure your data is protected. In the essence of time, I will stop. Hannah, do you wanna wrap up or should I?
Yeah. Yeah. I'll pass it back, but I just wanted to say, obviously, there's a lot more that we can get into here. And so as a next step, would love to earn the opportunity for maybe a one-on-one session, a more thorough demo specific to your environment. That's a great next step after today. Obviously, we could probably spend hours discussing the topic. Right, Alpika? But we wanna be respectful of everyone's time. Any action items from today, Alpika, we can navigate to the docs tab. There's a bunch of resources there for you to explore, but anything in particular?
Yes. So on December 18, we actually do have a deeper dive. It's a Rubrik workshop for unstructured data.
So we will cover everything, like how things actually work with your unstructured data, how the protection works, how the recovery works. We'll leave you with a lab also. So please register for that session. It's only an hour long. So, you know, we'll do the deeper dive in that one.
Yeah. I'll go ahead and put that in the chat, just so that it's easily accessible for everybody here. But other than that, I think that's all we have for today. The recording will be made available to you and sent, I believe, automatically after today's session. So just be on the lookout for that. I think it takes an hour or two, so just be patient there. But, yeah, I would love to see you on the eighteenth for that deep dive. But thank you everybody for your time. Alpika and Matt, really appreciate you guys. What a great session. Hope everybody has an awesome Tuesday.
Thank you. Thank you. Bye.