5 Steps to Securing Healthcare Data and Assuring Continuity Through Crisis

The following is a guest article by Sean Derrington, Senior Director of Product Management at StorageCraft.

It is not an overstatement to say that healthcare workers are the real heroes of the Covid-19 pandemic. Their rapid and selfless response is an incredible example of what we can achieve when good people collaborate and rise to the challenge in the face of adversity. It has been both humbling and awe-inspiring to see.

Meanwhile, behind the headlines, the pandemic is having a significant impact on the way health providers leverage technology. While many next-generation healthcare systems, including telemedicine, data sharing, and remote working, were already in place, the degree to which healthcare organizations have ramped up their usage has been extraordinary.

The increased speed and scale of technology usage have led to a parallel increase in patient data—data that healthcare organizations are obligated to store, secure effectively, and intelligently manage.

For example, healthcare practices may want to store the recordings and transcripts of telemedicine sessions. They must protect imaging data generated by diagnostic devices like CT scans, MRIs, and X-rays. Then, they must manage the terabytes of unstructured data shared among healthcare professionals working onsite and remotely.

These factors translate to high-performance requirements for IT systems as waves of new data are created, thus shining an even brighter light on the importance of data backup and recovery. Sadly, as healthcare organizations pivot more resources to the frontline in the fight against Covid-19, bad actors are trying to take advantage of the situation. Interpol recently warned that cybercriminals are increasingly targeting healthcare institutions with ransomware attacks designed to extort payment by encrypting critical data. Additionally, the Health Information Sharing and Analysis Center says that its members have reported a 30% increase in the number of Covid-19-themed phishing sites.

This double whammy of rapid data growth and rising cyber threats has intensified the need for a comprehensive disaster-recovery strategy. Below, we list five ways in which healthcare institutions can implement an effective data backup and recovery plan that protects patient data and minimizes potential downtime.

  1. Test, test, test. Just as testing is paramount for determining the spread of a virus, testing for IT vulnerabilities and connectivity issues is a fundamental first step. As a healthcare organization, you should consider engaging a third party to conduct penetration testing of your environment. Also, be sure to regularly test your data backup and recovery procedures and processes to ensure that all systems are working the way they should. This testing ensures that your data can be quickly and easily recovered in the case of a cyberattack or another emergency. Testing should also include a thorough review of your backup and recovery plan. If you do not have such a plan, it is time you made one. And if you do have one, be sure to give it a regular dusting off.
  2. Teach good cyber-hygiene. Healthcare workers do not only need clean hands. They need good cyber hygiene. If your workers have never heard of ransomware or phishing, they cannot protect against them, and they are more likely to click on malicious content that can jeopardize your organization. It is essential to educate everyone on the basics of identifying malicious emails, selecting strong passwords, and regularly patching and updating their devices' software. It is also a good idea to send alerts to staffers about the latest known ransomware and phishing attacks so they can recognize and avoid them.
  3. Use snapshots to back up data. Ransomware is lethal to healthcare institutions because it can block them from accessing critical patient data, potentially putting lives at risk. But if critical patient data is backed up to a reliable source, ransomware immediately loses its sting. One of the best forms of backup is immutable object storage, which continually protects information by taking snapshots at regular 90-second intervals. As a result, even when data is overwritten by ransomware, older objects remain immutable and unchanged. The net result is that healthcare organizations can quickly recover the most recent version of their data and take the bite out of ransomware attacks.
  4. Consider converged, scale-out storage. You can streamline your data-backup and protection capabilities by integrating primary, secondary, and cloud storage in a single solution. This integration can eliminate storage and data protection silos while decreasing the risk of any downtime. What is more, this kind of storage can be scaled up as needed, which means healthcare organizations can start with a few terabytes of capacity, then scale up, while requiring minimal configuration or application changes.
  5. Do not skimp on encryption. Healthcare organizations are good at encrypting data in transit, but they often neglect to encrypt their data at rest. This represents a dangerous vulnerability because if a data leak does occur, hackers are likely to steal data at rest. Encryption at rest can also protect against the risk of drives that may contain critical data being removed. By properly encrypting data at rest, healthcare institutions can make it harder for hackers to make sense of patient data, even if they gain access.

Healthcare organizations have never been tested the way they are being tested today. Under such tremendous pressure, mistakes happen, and data can be lost, deleted, or removed. Being prepared in advance will help relieve stress and ensure that IT infrastructures support the incredible work and outcomes of the healthcare industry.

About Sean Derrington

Sean Derrington, Sr. Director – Product Management at StorageCraft, has more than 20 years of storage experience. Prior to StorageCraft, Sean led product management at Exablox (acquired by StorageCraft) and Veritas/Symantec and has held multiple product marketing and management positions covering storage management, cloud, and virtualization solutions. Before Veritas, he was the lead storage analyst at Meta Group. He holds a B.S. in Material Science and Engineering and a B.S. in Engineering and Public Policy, both from Carnegie Mellon University.