
Five steps to securing healthcare data and assuring continuity through crisis

(Image credit: Lightpoet / Shutterstock)

It would not be an overstatement to say that healthcare workers have proved themselves to be the real heroes of the Covid-19 pandemic. Their rapid and selfless response is an incredible example of what can be achieved when good people come together and rise to the challenge in the face of adversity. Across the world, it has been both humbling and awe-inspiring to see.

Meanwhile, behind the headlines, the pandemic is having a significant impact on the way health providers leverage technology. While many next-generation healthcare systems, including telemedicine, data sharing, and remote working, were already in place, the degree to which healthcare organizations have ramped up their usage has been extraordinary.

The increased speed and scale of technology usage have led to a corresponding rise in patient data. This is data that healthcare organizations are obligated to store and must ensure is effectively secured, safe from malicious actors, and intelligently managed.

For example, healthcare practices must store the recordings and transcripts of telemedicine sessions. They must protect imaging data generated by diagnostic devices like CT scans, MRIs, and X-rays. They must also manage the terabytes of unstructured data shared among healthcare professionals who are working both onsite and remotely.

These factors translate to high-performance requirements for IT systems as waves of new data are created, thus shining an even brighter light on the importance of effective data backup and recovery. Sadly, as healthcare organizations pivot more resources to the frontline in the fight against Covid-19, bad actors are trying to take advantage of the situation. Interpol recently warned that cybercriminals are increasingly targeting healthcare institutions with ransomware attacks that are designed to extort payments by encrypting critical data. As well as this, the Health Information Sharing and Analysis Centre says that its members have reported a 30 percent increase in the number of Covid-19-themed phishing sites.

This double hit of rapid data growth and rising cyber threats has intensified the need for a robust, comprehensive disaster-recovery strategy. Below, we have outlined five ways in which healthcare institutions can implement an effective data backup and recovery plan that protects patient data and minimizes potential downtime.

  • Test, test, test. Just as testing is paramount for determining the spread of a virus, testing for IT vulnerabilities and connectivity issues is a fundamental first step. At this critical time, healthcare organizations would be wise to consider engaging a third party to conduct penetration testing of their online environment. They should also regularly test their data backup and recovery procedures and processes to ensure that all systems are working the way they should. This process ensures that all data can be quickly and easily recovered in the case of a cyberattack or another emergency. Testing should also include a thorough review of the backup and recovery plan. If an organization does not have such a plan, it is time it made one. And if it does have one, it’s important to make sure it gets a regular dusting off.
  • Teach good cyber-hygiene. It is not just clean hands that healthcare workers need. It is also good cyber hygiene. If healthcare employees have never heard of ransomware or phishing, they cannot be expected to protect against it, and it is more likely that they will click on malicious content that has the potential to jeopardize the organization. For this reason, it is essential to educate all employees on the basics of identifying malicious emails, selecting strong passwords, and regularly patching and updating their devices’ software. It is also a good idea to send alerts to staffers to let them know about the latest known ransomware and phishing attacks so they are able to recognize and avoid them.
  • Use snapshots to back up data. Ransomware is lethal to healthcare institutions because it can block them from accessing critical patient data, which can potentially put lives at risk. But if critical patient data is backed up to a reliable source, ransomware immediately loses its sting. One of the best forms of backup is immutable object storage, which continually protects information by taking snapshots at regular 90-second intervals. As a result, even when data is overwritten by ransomware, older objects remain immutable and unchanged. The net result is that healthcare organizations can quickly recover the most recent version of their data, which takes the bite out of ransomware attacks.
  • Consider converged, scale-out storage. Healthcare organizations can streamline their data-backup and protection capabilities by integrating primary, secondary, and cloud storage in a single solution. This integration can eliminate storage and data protection silos while significantly reducing the risk of any downtime. What is more, this kind of storage can be scaled up as needed, which means healthcare institutions can start with a few terabytes of capacity and then grow, while requiring minimal configuration or application changes.
  • Do not skimp on encryption. Healthcare organizations are good at encrypting data in transit, but they often neglect to encrypt their data at rest. This represents a dangerous vulnerability because if a data leak does occur, hackers are likely to steal data at rest. Encryption at rest can protect against the risk of drives that may contain critical data being removed. By properly encrypting data at rest, healthcare institutions can make it harder for hackers to make sense of patient data, even if they do happen to gain access.

Healthcare organizations have never been tested the way they are being tested today. Under such tremendous pressure, mistakes happen, and data can be lost, deleted, or removed. Being prepared will help release stress in advance and ensure IT infrastructures serve to support the incredible work and outcomes of our healthcare industry.

Florian Malecki, International Product Marketing Senior Director, StorageCraft

As International Product Marketing Director at StorageCraft, Mr. Florian Malecki drives the development of the vendor's data protection and storage solutions for the regions’ markets.