The greatest innovation in healthcare in the last twenty years is something that connects us all… data. At any given moment, healthcare facilities, hospitals and more rely on data to operate more efficiently, drive forward patient care and further develop medical research. Even in the last two years, data has been paramount to the development of mRNA technology that has helped us combat the COVID-19 crisis and even led to a new treatment for type-two diabetes.
The recent medical breakthroughs speak to the power of data and the vast potential it has to help improve lives. Unfortunately, as data becomes more valuable, the threats to it become more dire. As attackers evolve, organizations need to take a holistic approach if they want to defeat those threats.
Let’s explore what these threats are and what healthcare institutions can do to protect the essential data of their customers and patients.
The health risks of patient data in healthcare
Ransomware is among the leading risks in data exploitation, and sensitive patient data is an attractive target for cybercriminals looking to take advantage of glaring vulnerabilities. Because healthcare organizations maintain such a high volume of data (e.g., medical records, patient forms, health insurance claims, and provider and patient communication records), they can become prime targets for hackers.
Cyber attacks on healthcare organizations happen so often that 45 million people were directly affected in 2021. In the summer of 2022, one of the largest healthcare cyber incidents to date struck more than 2 million patients across 50 facilities in an attack on Shields Health Care Group.
The right systems must be put in place to protect hospitals and other key healthcare infrastructure from these types of attacks. Successful attacks can leave healthcare organizations reeling for weeks or even months, with many juggling ransom demands from malware gangs alongside the bureaucracy and communications needed to reconcile fragile patient data. This can put enormous strain on existing systems and push them to their breaking point.
Additionally, natural disasters are becoming more frequent and more destructive, and are striking new locations. Large storms like Hurricanes Sandy and Katrina caused hospitals to evacuate patients, taking them and their sensitive data to different facilities. Many data systems were down for weeks during these disasters, making patient identification, health logs and more incredibly difficult to track. Today, when healthcare is almost impossible without the patients’ data, one disaster has the potential to wipe out a hospital’s data center and its ability to provide care, especially when that hospital has nothing in place to effectively restore lost patient data once it happens.
Finally, one of the greatest threats to patient data comes from the inside. Patient data has been stolen or sold by those who had insider access, making the threat of these kinds of exploitations both an internal and external affair. In all cases, whether it’s from a ransomware attack, flood, or insider, losing data harms patients, slows research, and causes the public to lose faith.
Healthcare data deserves a routine check-up
It is paramount that your data be protected and available on demand, no matter the scenario. Adopting the mindset of anticipating the unexpected is key to a successful anti-ransomware strategy. When that time comes, you must recover data quickly to limit downtime and service disruption. Creating an integrated protection plan and staying vigilant is important: ransomware actors are constantly updating their methods of attack, so when it comes to protecting your data, you cannot “set it and forget it.”
Begin updating your own plan by identifying the areas that your teams have access to and which areas are experiencing rapid data growth. Once you have done that, back up all your data to a secure, offsite location. This will ensure that in the event your primary environment becomes compromised by a disaster, like an unexpected flood to your data center, you’ll have duplicate information on standby. Finally, try to assess which types of data support your mission-critical applications, so you can set up additional high-availability infrastructure.
What’s the purpose of protecting all data ahead of determining which parts are mission-critical? First, it must be understood that the relationship between data, infrastructure, and applications can be complex. Disaster can strike amidst your attempts to untangle the web of data in your infrastructure. Second, new data is constantly being processed and uploaded to new locations. By default, you should protect it because it is better to be safe than sorry. Third, data prioritization always changes, so you don’t want to sell yourself short by leaving key data points unprotected.
Protecting your data can feel overwhelming, so your goal should be to deploy modern systems that ensure automated backups are constantly occurring. The cloud is a dependable platform that can help you meet global recovery needs in the event of a disaster — it doesn’t depend on any on-premises hardware or appliances to provide the support your organization may need in the time of an attack.
About Stephen Manley
Stephen Manley is the Chief Technology Officer at Druva, a SaaS platform for data resiliency, and the only vendor to ensure data protection across the most common data risks backed by a $10 million guarantee. Stephen delivers solutions to help customers extract the full potential of their data. In leading development of data management capabilities for startups and serving as CTO of the Data Protection Group at Dell EMC, Stephen found his passion in partnering with customers to solve data protection challenges for today’s enterprise and evolve modern data storage. He also spent time at NetApp as a senior technical director of data protection.