We Bring the Cloud to Healthcare

It’s Time to Rethink Healthcare Data Backups

March 24, 2022

It’s Time to Rethink Healthcare Data Backups

Over the past decade, my focus has been to ensure the security and stability of backups, recovery, and archiving for our healthcare customers. Proactively protecting a healthcare system’s environment keeps the focus on patients receiving the highest caliber of care. In the past, the strongest line of defense against ransomware was to implement a strong firewall and a good backup. This, unfortunately, is not enough anymore.

More and more cyber threat actors are directly attacking backups as part of their strategy. Once a backup is attacked, there is little to no recourse an institution can take to recover successfully. Recently I witnessed a ransomware event that resulted in a 16-day outage and disrupted performance at all levels of the hospital. Events such as this have led me to the conclusion that the industry needs to rethink its approach. Even two-day long outages can impact patient care. In my opinion, immutable backup systems are now the best line of defense and recovery by preventing the alteration or deletion of any sensitive information from all threats, internal and external.

It’s time that we as an industry re-examine our current cybersecurity standards and accept they will always be changing For a long time, air gapped networks were considered the ultimate line of defense against cyberattacks. Being physically isolated from other vulnerable networks or devices was one of the most secure precautions an institution could take. However, most systems create the airgap after completing the daily backup. With the proper credentials, a bad actor can still access the “air-gapped” data during the process using this window to encrypt or delete your backups. An immutable backup that is physically isolated and without connectivity prevents this and is the best way to rebuild from devastating ransomware attacks.

With cybersecurity insurance providers beginning to require organizations to institute immutability policies on their backup systems, I believe that the industry is heading in the right direction. However, it’s still as important as ever to maintain a robust defense system and realize that as our systems evolve, so do the methods of attack. Today, immutability is the best step you can take to protect your network against security events.

Tony Rienzo is a Technical Manager, Cloud Service Delivery & Recovery, at CloudWave.