By Nikhil Korgaonkar, Regional Director, Arcserve India & SAARC
Healthcare organizations have made tremendous progress in adopting medical technology to increase their efficiency and improve the quality of care they deliver to patients. The new technology ranges widely, from automated patient check-in to connected IoT devices that can monitor a patient’s health and predict when illness is imminent.
However, with all this technology comes a different set of challenges for the healthcare industry. IT-centric solutions produce massive amounts of data that must be stored and protected—especially now, as the COVID-19 pandemic has caused a surge in remote healthcare.
Many healthcare appointments are now being made virtually via tele-health apps. All those remote consultation sessions need to be logged and stored for a standard period. On top of that, there are more patients than ever being admitted to hospitals, which further increases data volumes. And even more, data is being created around digital health passports and the status of an individual’s COVID-19 testing and vaccination.
As a result, the data demands of a healthcare organization can quickly explode. And it’s not just the growing data but the resources required to store, protect, and intelligently manage it all.
In the face of this unrelenting data growth—and the need for uninterrupted data availability—adequate storage and data backup is an urgent concern, particularly as healthcare systems must now factor in future black swan events like the COVID-19 crisis, which has put the industry under enormous stress and burden.
Most importantly, the pandemic phase also observed that healthcare organizations are increasingly coming under cyber threat, especially from ransomware attacks, which lock up files associated with a hospital’s critical patient data and information systems, then demand a large payment to unlock them.
In 2020, during the COVID surge, more than a third of healthcare organizations suffered a ransomware attack globally. Of those, 65% said the cybercriminals encrypted their data as part of the attack, according to cybersecurity company Sophos. Furthermore, Cybersecurity Ventures predicted that the healthcare industry will suffer 2-3X more cyberattacks in 2021 than the average amount for other industries.
Only a year ago, Indian pharma major Dr Reddy’s Laboratories reported an “information security incident” which involved a ransomware attack. It led the company to even temporarily shut down some of its production facilities around that time. Barely a fortnight later, another drug manufacturer Lupin reported having faced a similar attack.
Being one of the most data-sensitive industries, it is imperative for healthcare organizations to be best prepared with their data protection and management strategies. Here are three ways healthcare organizations can eliminate the risk of data loss and protect their priceless digital assets.
1. Put a plan in place and train employees in security
The weakest link in security is often the user. In healthcare, many users of technology do not come from a technical background. They are skilled in their areas of expertise but not so much with evolving technologies and the multiplying numbers of endpoints where they must enter data, retrieve records, and manage and maintain them. This situation is ripe for data exfiltration and other malware attacks.
Healthcare providers are particularly susceptible to this kind of extortion due to their dependence on up-to-the-minute information from patient records. COVID-19 has heightened this susceptibility. Understandably, many providers pay the ransom rather than risk the lives of their patients.
So, what to do? Start by implementing a security awareness program. Such a program can effectively teach employees to spot phishing emails that are the first step in a ransomware attack. There are plenty of security awareness programs to help train your employees by simulating phishing attacks.
Also, have a disaster recovery plan in place. Healthcare providers need to have a disaster recovery plan if their data is compromised, either through a cyberattack or an event like a natural disaster. The plan should include defining what data needs to be protected, how frequently backups need to happen, and how quickly data needs to be restored. The plan should also outline the necessary steps to ensure the critical systems that run the organization are brought back up and in what order.
2. Embrace new digital tools for backup and recovery
Another critical step that healthcare organizations should take is to adopt the 3-2-1-1 data-protection strategy. This strategy directs that you have three backup copies of your data on two different media, such as disk and tape, with one of those copies located offsite for disaster recovery. The final one in this equation is immutable object storage.
Immutable object storage is a next-gen data security tool. It safeguards information continuously by taking snapshots of it every 90 seconds, which means organizations can quickly recover their data even if disaster strikes. These snapshots provide point-in-time data recovery. Organizations can use the snapshots to roll back to a previous file state in downtime, natural disaster, or ransomware attack. Immutable snapshots can’t be altered, overwritten, or deleted, so they safeguard data integrity from loss due to human error, hardware failure, or ransomware attack.
With immutable snapshots, healthcare organizations can ensure the smooth and uninterrupted delivery of services and operations—even during a disaster or ransomware attack.
3. Trust your channel partners
Channel partners proved their value time and again during the COVID-19 crisis. They played an essential role in helping healthcare organizations digitally transform their operations while ensuring that data remains accessible and secure.
The reality is that, even in a post-COVID-19 world, there will be a compelling need for a data backup and disaster recovery solution, as data will continue to multiply and the digital landscape will remain a playground for cyber attackers.
Channel partners stay abreast of the latest and greatest cyber tools, which mean they can effectively assist healthcare organizations with safeguarding their data. And, in case of a disaster, channel partners can help healthcare organizations get back online without hindering their productivity or putting patient lives at risk.
Channel partners can also help healthcare organizations conduct penetration testing inside their environment and help them regularly test their data-backup procedures and processes to ensure that all systems are working the way they should. It helps guarantee that organizations can quickly and easily retrieve their data in the case of a cyberattack or another emergency.
Healthcare organizations are being tested as never before. And no matter what tools and processes they have implemented to date, they must recognize that data security threats are ever-evolving. In other words, healthcare organizations must always remain vigilant. Fortunately, by better managing and protecting their data, healthcare organizations can offer a high level of care and create positive patient outcomes safe from any digital disaster.
