Electronic Health Reporter

By Stephen Manley, CTO, Druva.

The biggest healthcare innovation in the last twenty years is … data. Every day, healthcare organizations use data to operate more efficiently, improve patient care, and advance medical research. Over the last 24 months, the industry used data to advance mRNA technology, which laid the groundwork for the COVID-19 vaccines, and even led to a new treatment for type-two diabetes.

The recent medical breakthroughs speak to the power of data and the vast potential it has to help improve lives. Unfortunately, as data becomes more valuable, the threats become more dire. As the attackers evolve, organizations need to take a holistic approach if they want to defeat the threats.

The Critical Risks to Healthcare Data 

Ransomware is the leading risk. Sensitive data is a honey pot to cybercriminals, and because healthcare organizations maintain so much of it (i.e., medical records, patient forms, health insurance claims, provider and patient communication records, etc.) they are vulnerable targets.

Cyber attacks on healthcare organizations have become so frequent that 45 million people were directly affected in 2021. This summer, one of the largest healthcare cyber incidents to date struck more than 2 million patients across 50 facilities in an attack on Shields Health Care Group.

If the right systems aren’t in place, recovering after a cyber attack such as ransomware can be an exhausting process that takes weeks or months. Even more concerning, businesses are sometimes unable to fully restore data lost in an attack. Aside from productivity disruption, losing critical healthcare data could impact an organization’s ability to maintain its operations. If you are a hospital or healthcare provider – this could be catastrophic. Some often resort to paying large ransoms to resolve the issue, but this should never be the solution.

While ransomware is the most prevalent threat, natural disasters have become more frequent and destructive and are striking new locations. Large storms like Hurricane Sandy and Katrina caused hospitals to evacuate patients and their data to alternative facilities. Since they were in high-risk areas, the hospitals had prepared for regional emergencies, but many data systems were down for weeks. Today, when healthcare is almost impossible without the patients’ data, one disaster can wipe out a hospital’s data center and its ability to provide care. Even worse, the hospitals that have faced recent flooding, fires, and heat waves were not in traditional disaster zones, so they had insufficient disaster recovery plans for their data.

Finally, insider threats have become almost ubiquitous. The data is so valuable that many disgruntled employees are either stealing and selling data. Some are threatening to destroy it. Still others are acting as the vehicle to deliberately import ransomware. Regardless, some of the greatest threats come from within your network.

In all cases, whether it’s from a ransomware attack, flood, or insider, losing data harms patients, slows research, and causes the public to lose faith.

Give Data the (Health)Care it Deserves

Your data must be protected and available on demand, no matter the circumstance. You must adopt the mindset that it’s not a matter of if but when the unexpected will happen. When that time comes, you must recover data quickly to limit downtime and service disruption. To do so, you must create an integrated protection plan and constantly stay vigilant. The attackers are changing, so when it comes to protecting your data, you cannot “set it and forget it.”

Start by finding the islands of data your organization manages, who has access to it, and how it is growing. Then, back up all your data to a secure, offsite location. This will ensure that if your primary environment becomes compromised by a disaster, such as an unexpected flood to your data center, you’ll have duplicate information on stand-by. Finally, try to assess which types of data support your mission critical applications, so you can set up additional high-availability infrastructure.

Why protect all your data before trying to assess whether it is mission critical? First, it can be difficult to understand the relationship between data, infrastructure, and applications. While you try to untangle the knot, disaster could strike. Second, there is always new data in new locations. By default, protect it because it is better to be safe than sorry. Third, the priority of data always changes, so the assessment will never complete.

Protecting your data can feel overwhelming, so Instead of taking on this task by yourself, modern systems can help ensure automated backups are always happening. The cloud is a dependable platform that can help you meet global recovery needs in the event of a disaster because it doesn’t depend on any on-premises hardware or appliances.

With so many risks to data, now is not the time to turn a blind eye. By mastering the fundamentals, you’ll be able to rest easy knowing that when the worst eventually happens, your data will be protected.