Iconic Australian health service ensures 24/7 operations and rapid ransomware recovery.
Rubrik, the Zero Trust Data Security Company, has announced it has helped the Royal Flying Doctors Service Queensland (RFDSQ) protect business-critical data and minimize the risk of ransomware attacks against the organization.
Now, Rubrik gives RFDSQ cyber-resiliency and ensures Business Continuity so that the health service can continue saving lives across the state.
Covering more than 1.7 million square kilometers, RFDSQ provides essential healthcare and retrieval services to some of Australia’s most isolated communities.
Each year, it delivers more than 98,000 episodes of care which includes transporting 11,700 patients to and from metropolitan hospitals, running more than 5,300 health clinics across regional, rural and remote Queensland, and providing health advice to more than 16,000 telehealth patients.
Given the enormous area RFDSQ covers, it relies on a fleet of 20 aeromedical aircraft to reach even the most far-flung corners of the state.
Adam Carey, CTO at RFDSQ, said the dual role the organization plays as both an airline and healthcare agency meant the threat of ransomware holding critical data hostage was one of its greatest concerns.
“In the past two years, cybersecurity has evolved from a side-issue to our number one business risk,” Carey said. “Even against our own organization we’ve seen cleverly crafted, targeted phishing attacks, especially to our executive team. It shows nothing is off limits, not even essential health services like ours.”
Following a spate of high-profile ransomware attacks against Australian organizations, Carey said the RFDSQ board and executive team decided to bolster its data security capabilities to minimize the risk ransomware posed to its operations.
“Patient data is everything to us. It’s our crown jewels,” he said. “Patient care is our main reason for existing, and the motivation for everything we do. For us, care extends beyond the physical – it’s also about ensuring patient privacy is always protected and Rubrik helps us protect it.”
While privacy risks were a key consideration in implementing Rubrik, so too was the potential operational impact a ransomware attack could have.
“We need to protect our data to remain operational at all times. If we were to lose access to some of our key data and systems, pilots couldn’t log their flight plans for the day, so they’d literally be grounded,” Carey said.
Working with local IT partner Centum Services, Carey said he chose Rubrik as it was simple to implement, delivered rapid RTO (Recovery Time Objectives) and RPO (Recovery Point Objectives), and supported RFDSQ’s Microsoft Azure environment.
“We’re protecting our entire Outlook, Exchange, Teams and Sharepoint environments along with the core servers that hold our critical data – both corporate drives and medical databases,” he said. “We implemented Rubrik the week before Christmas and it literally took 90 minutes to set up.”
“The fact we have critical data stored in Rubrik, off-premises, completely air-gapped from our environment, means we can restore to a different tenancy or a completely different server straight away, without having to stand up any physical infrastructure – our bases are covered.
“To be able to say to our CEO that we have that level of protection, that in even the worst-case scenario we can be back-up-and-running within hours, means we can now both sleep a lot better at night.”
“Over the past few years, cyberattackers have made it clear nothing is sacred,” said Scott Magill, Managing Director for Rubrik Australia and New Zealand.
“The biggest risk organizations face today is the inability to operate – losing access to data means losing access to applications, and therefore losing the ability to function. With Rubrik, Royal Flying Doctors Service Queensland has the reassurance it can always be there, providing essential life-saving services when Queenslanders need it most.”
We asked Adam Carey, CTO, Royal Flying Doctors Service Queensland, further questions to find out more about the project.
Are you surprised that nothing is off limits for cybercriminals – even a lifesaving agency such as yourselves?
Unfortunately, I’m not surprised. I’m disappointed that they choose to target such an iconic Australian brand and it’s clear they’ll do whatever it takes to extort money – even if it’s patient personal data that they can hold to ransom.
Has there been an increase in the sophistication of cyberattacks over the last few years?
Very much so, we’re seeing an upgrade from basic random attacks to more personalized and targeted attacks to key personnel within the organization, especially those who have a public presence on places like LinkedIn.
Why do you think your executive team has been particularly targeted?
Executives are targeted for two key reasons. The first is they’re incredibly busy and with a properly crafted spearphishing email, attackers believe they can get them to take the bait.
The second has to do with privileges. Attackers assume that executive credentials will have greater privileges so, if their accounts can be compromised, they’ll gain wide access to the organization’s infrastructure.
As a counter to this type of targeted attack, our executives have probably the least administrative access within the organization. Only those who need direct access to patient records have it.
However, this doesn’t stop malicious actors attempting to impersonate our executive team via email, so we have a very strong email filtering gateway with some clever rules to thwart this type of attack.
Fortunately, our executive team are very skilled in recognizing suspicious emails and will always raise anything that’s suspicious with our security team. Further, the data our executives do have access to is very closely monitored for unusual activity, and DLP policies will alert us to – and block – any attempt to encrypt data or exfiltrate information from the organization.
Were you impressed with the simplicity and speed of the implementation process?
The connection to and kick-off of the backup of our resources only took around 45 minutes to configure! The next morning, I logged in to find everything was protected and reporting 5x 9’s compliance – it’s been set-and-forget ever since, with just the occasional restore highlighting how easy the solution is to use in a real-world production environment.
What would be the impact of losing access to some of your key data and systems?
Within a fairly short amount of time, we’d be literally grounded with flight operations and patient care directly impacted. RFDS has zero tolerance for cyber-incidents for this exact reason, and Rubrik has been instrumental in the development and testing of Disaster Recovery and Ransomware-Recovery plans. This ensures our data is always safe and recoverable should the worst happen.
Were you impressed with the RTO (Recovery Time Objectives) and RPO (Recovery Point Objectives) offered by Rubrik?
The ability to bring systems and information back online within just a matter of hours (rather than days or weeks) makes all the difference to our operational capability.
There’s no point having a data-protection system that sits on slow storage which can negatively impact your RTO; Rubrik enables us to have rapid recovery of critical systems and the flexibility to be able to restore to its original location or another system based on the scenario at the flick of a switch.
Our key databases and systems are now able to have only minutes-old information once recovered, resulting in minimal or even no loss of information should a catastrophic event occur.
Can you explain the importance of having your critical data airgapped from your main environment?
With attacks becoming more and more sophisticated, and the number of attacks rising year-by-year, it’s important that business-critical data is secured separately to ‘normal’ IT infrastructure.
Without airgapped critical data, should a trusted administrator account be compromised, there’s the potential of regular backups being destroyed which would leave an organization completely vulnerable to being held to ransom.
By providing logically air-gapped and immutable backups off-premise, Rubrik ensures that any internal breach can’t result in data-loss. Our information is never able to be deleted by unauthorized means, and administrative access is monitored and controlled by multi-factor authentication for that additional peace-of-mind.
Click below to share this article
