Due to the increase in ransomware attacks across the healthcare sector, organizations must take the time now to develop and execute stronger data management strategies. That includes the consistent backup of all patient and operational files so that this information is still available internally in the event of an attack. The reason for this is three-pronged: first, to avoid the financial loss from paying a ransom in order to regain data access; second, to protect patient health and the organization’s reputation; and third, to ensure that all data is recovered, instead of the average 69 percent retrieved by ransomware victims who paid their attackers, according to SC Media. This begs the question, what is the most appropriate data backup strategy for your team?
Offsite and Virtual Backups
Traditionally, data backups were comprised of paper copies and tapes that were sent to offsite storage locations. This system was effective because it protected these files against fires and natural disasters, without the need to connect that information directly to the Internet.
Today, offsite storage may still be required for compliance, but can also be time-consuming to maintain and slow to access in the event of an emergency — especially in a hospital setting where patients’ lives may depend on that information. That’s why digital backup recovery on local data servers can be essential to prevent as little downtime as possible.
The only catch? These backups may still be hackable when connected to a local area network that is, in turn, accessible through the Internet.
Air gapping is the term used to describe data that’s been isolated from a network. It’s applicable to legacy, removable storage media like tapes (known as physical air gapping), as well as on-site media hardware that isn’t removable (logical air gapping).
For many healthcare organizations, logical air gaps may be the preferred method to their data storage strategy, as it offers the most immediate access to that data. According to SearchDataBackup.com,
Logical air gaps rely on network and user access controls to create isolation from the production and primary backup environments.
For example, admins may isolate the backup copy by removing access via production-accessible [user interfaces] or via host or administration networks. This only enables data transfer through a designated, secure networking port and firewall that are only opened and closed when data is being transferred. Also, some methods require physical access to the designated air gap system with an interface that can be disconnected when not in use.
—Air gap backups provide another layer of protection, Krista Macomber
A Comprehensive Incident Response Plan
Regardless of the type of air gapping used, HIPAA requires healthcare organizations to have a comprehensive incident response plan in place if they want to comply with the Security Incident Procedures standard. As HealthITSecurity explains, this includes the development of “a data backup plan, a disaster recovery plan, and an emergency mode operation plan, among other administrative safeguards.” They add that “not all incident response plans are equivalent,” and that organizations must create one “that is customized specifically to fit their … needs.”
The more prepared an organization is, the faster it can respond in the face of a cyberattack to keep its patients safe and its reputation intact with minimal financial loss. When it comes to developing a plan for your data, we can help. HCRS has worked with organizations like yours to strengthen their data management, protection, and compliance. Let us know when you’re ready for a conversation.