Skip to main content

Advertisement

Advertisement

Advertisement

ADVERTISEMENT

Commentary

3 Steps to Protect Your Health Care Organization From Cyber Infection

Shridar Subramanian, chief marketing officer, Arcserve

Health care organizations have made tremendous progress in adopting medical technology to increase their efficiency and improve the quality of care they deliver to patients. The new technology ranges widely, from automated patient check-in, to robots that cruise the hallways of hospitals to give supplies and remove trash, to connected Internet of Things (IoT) devices that can monitor a patient’s health and predict when illness is imminent.

But all this technology creates a challenge for hospitals as well. It produces massive amounts of data that must be stored and protected—especially now, as the COVID-19 pandemic has caused a surge in remote health care.

Think about it. Many health care appointments are now being made virtually via telehealth apps. All those remote consultation sessions need to be logged and stored for a standard period. On top of that, there are more patients than ever being admitted to hospitals, which further increases data volumes. Also, data is being created around digital health passports and the status of an individual’s COVID-19 testing and vaccination.

As a result, the data demands of a health care organization can quickly explode. And it’s not just the growing data that presents challenges, but the resources required to store, protect, and intelligently manage it all as well.

In the face of this unrelenting data growth—and the need for uninterrupted data availability—adequate storage and data backup is an urgent concern, particularly as health care systems must now factor in future black swan events like the COVID-19 crisis.

Here are three ways health care organizations can eliminate the risk of data loss and protect their priceless digital assets.

#1 Put a Plan in Place and Train Employees in Security

The weakest link in security is often the user. In health care, many users of technology do not come from a technical background. They are skilled in their areas of expertise but not so much with evolving technologies and the multiplying number of endpoints where they must enter data, retrieve records, and manage and maintain them. This situation is ripe for data exfiltration and other malware attacks.

The truth is that health care organizations are increasingly under cyber threat, especially from ransomware attacks, which lock up files associated with a hospital’s critical patient data and information systems, then demand a large payment to unlock them. More than a third of health care organizations suffered a ransomware attack in 2020. Of those, 65% said the cybercriminals encrypted their data as part of the attack, according to cybersecurity company Sophos. Furthermore, Cybersecurity Ventures predicts that health care will suffer two to three times more cyberattacks in 2021 than the average number for other industries.

Health care providers are particularly susceptible to this kind of extortion due to their dependence on up-to-the-minute information from patient records. COVID-19 has heightened this susceptibility. Understandably, many providers pay the ransom rather than risk the lives of their patients.

So, what to do? Start by implementing a security awareness program. Such a program can effectively teach employees to spot phishing emails that are the first step in a ransomware attack. There are plenty of security awareness programs to help train your employees by simulating phishing attacks.

Also, have a disaster recovery plan in place. Health care providers need to have a disaster recovery plan if their data is compromised, either through a cyberattack or an event like a natural disaster. The plan should include defining what data needs to be protected, how frequently backups need to happen, and how quickly data needs to be restored. The plan should also outline the necessary steps to ensure the critical systems that run the organization are restored and in order.

#2 Embrace New Digital Tools for Backup and Recovery

Another critical step that health care organizations should take is to adopt the 3-2-1-1 data-protection strategy. This strategy directs that you have three backup copies of your data on two different media, such as disk and tape, with one of those copies located offsite for disaster recovery. The final one in this equation is immutable object storage.

Immutable object storage is a next generation data security tool. It safeguards information continuously by taking snapshots of it every 90 seconds, which means organizations can quickly recover their data even if disaster strikes.

These snapshots provide point-in-time data recovery. Organizations can use the snapshots to roll back to a previous file state in downtime, a natural disaster, or a ransomware attack. Immutable snapshots can’t be altered, overwritten, or deleted, so they safeguard data integrity from loss due to human error, hardware failure, or malware.

With immutable snapshots, health care organizations can ensure the smooth and uninterrupted delivery of services and operations.

#3 Trust Your Channel Partners

Channel partners proved their value time and again during the COVID-19 crisis. They played an essential role in helping health care organizations digitally transform their operations while ensuring that data remains accessible and secure.

The reality is that, even in a post-COVID-19 world, there will still be a compelling need for a data backup and disaster recovery solution because data will continue to multiply, and the digital landscape will remain a playground for cyber attackers.

Channel partners stay abreast of the latest and greatest cyber tools, which means they can effectively assist health care organizations with safeguarding their data. In the event of a disaster, channel partners can help health care organizations get back online without hindering their productivity or putting patient lives at risk.

Channel partners can also help health care organizations conduct penetration testing inside their environment and regularly test their data-backup procedures and processes to ensure that all systems are working the way they should. It helps guarantee that organizations can quickly and easily retrieve their data in the case of a cyberattack or another emergency.

Health care organizations are being tested as never before. And no matter what tools and processes they have implemented to date, they must recognize that data security threats are ever-evolving. In other words, health care organizations must always remain vigilant. Fortunately, by better managing and protecting their data, health care organizations can offer a high level of care and create positive patient outcomes, safe from any digital disaster.

Disclaimer: The views and opinions expressed are those of the author(s) and do not necessarily reflect the official policy or position of the Population Health Learning Network or HMP Global, their employees, and affiliates. Any content provided by our bloggers or authors are of their opinion and are not intended to malign any religion, ethnic group, club, association, organization, company, individual, or anyone or anything.

Advertisement

Advertisement