Citrix is gearing up for HIMSS 2024 with a guest blog series featuring insights and innovations from some of our key partners. This first post is written by Jason Mafera, Healthcare Field CTO at IGEL Technology.

You can visit Citrix and IGEL at HIMSS booth #3212 to hear more about how the partnership is helping to redefine healthcare IT, empower providers, and enhance patient care.

For healthcare providers, it’s not a matter of IF but WHEN you’ll be impacted by ransomware, which unfortunately is still finding victims and impacting care delivery. After seeing a post-pandemic drop, the rate of ransomware is accelerating again. Two groups getting attention lately are Clop and BlackCat (ALPHV). Clop’s MOVEit Transfer hack to date has affected 15 million people and 121 organizations. BlackCat (ALPHV), skilled at exfiltration, threatened to leak photos and sensitive data of a plastic surgeon’s patients and, according to a Check Point report, previously leaked patients’ photos and medical records after an attack against American healthcare provider LVHN earlier this year.

The endpoint as first line of threat defense

BlackCat is a good example of why all of us need to shift our thinking about security from a focus on servers and infrastructure to focusing on the user edge at the endpoint. A Trend Micro analysis of BlackCat notes that blocking malicious emails and employing the latest security solutions for email, endpoint, web, and network are essential defense practices.

At IGEL, our mission is to provide the best security at the endpoint to prevent businesses from becoming the next ransomware victim. We believe the best defense is to separate business data and applications from the hardware device and store the data in the cloud to reduce the attack surface. This separation enables a user to access data via a secure OS and have the flexibility of location and device. Citrix technology for delivering desktops and applications from the cloud fits perfectly into this strategy and allows the combined solution to address these challenges.

Cloud-based workloads delivered via Citrix, coupled with role-based access controls and mandatory multi-factor authentication (MFA), can further strengthen threat defense. Limiting access to work-essential files and applications, being aware of employees’ changing responsibilities, and being diligent about shutting down access when offboarding will lessen opportunities to penetrate the network.

Separating data and applications from endpoint devices is the first line of defense in disaster recovery. It must be combined with a secure operating system (OS) which supports a hybrid cloud environment and is integrated with the VDI platform from Citrix — serving up SaaS, DaaS, and other virtual services. Linux OS, for example, operates fully separately from apps and services, shrinking the attack surface on each endpoint to its absolute minimum and enabling efficiency in how end-user apps and cloud services are procured, downloaded, and updated. It enables fast-tracking Windows updates and patching across the enterprise for improved security.

Disaster recovery: How the endpoint fits

When a ransomware or other cyberattack is successful, business continuity depends on safe data recovery and the ability of people to return to work quickly. The solution is a combination of a secure OS, like Linux, which is rapidly recoverable and can reboot back to its known good state, coupled with virtualized resource delivery from the cloud. This requires a read-only endpoint OS and the ability to partition data to aid in priority recovery of critical applications. Since these applications are separated from any piece of hardware, they can be securely accessed from the cloud and support business continuity.

Remember the endpoint

Clop’s MOVEit Transfer and BlackCat are just two examples of sophisticated hackers threatening businesses. Creating a specific endpoint security strategy, including moving critical applications to the cloud, is imperative as hybrid workers toggle between locations and often insecure devices.

It makes sense that a disaster recovery strategy must start looking more closely at the endpoint and an OS that supports secure cloud compute as an integral factor in business continuity.

To learn more, please visit us at the Citrix Booth #3212 at HIMSS24 in Orlando.