For proof you have to look no further than the healthcare sector. In order to provide ever-improving levels of patient care, medical practitioners and support staff are collecting and using more data than ever before. Lab reports, scans, treatment plans, and patient histories are all carefully recorded and stored.
The rise of Electronic Health Records
While it might be just one component of the vast landscape that is healthcare data, Electronic Health Records (EHRs) are a vital part of Australia’s healthcare system. They enable every healthcare provider involved in an individual’s care to see at a glance the information they need to guide their decisions and treatment options.
This information might include health conditions, treatments and medicines, allergies and past reactions to medicines, tests, scans and X-ray results, lifestyle information, such as whether a person smokes or drinks, and hospital admission and discharge information.
Now in 2020, a wide range of different centres, specialist and generalist, public and private deliver healthcare. Sharing information between them is complex, particularly where providers buy their own systems which don’t easily communicate with all others.
The issue is compounded when people travel - including across national borders - so that data sharing has to navigate data standards, linguistic, privacy and compliance issues.
Yet, from the perspectives of patient care, scalability and economy, an EHR needs to be able to travel freely and unencumbered along a complicated highway stopping where it needs to stop as often as it needs to do so. In all of this, backups are as important in this as live data.
EHRs and cybercrime
It is unsurprising that with so much personal data held within them, EHRs are of interest to ‘bad agents’. A ransomware attack, which effectively cuts off access to EHRs, can completely dismantle a healthcare organisation’s ability to do its job. Without access to patient data, it can’t serve the patient.
Ransomware attacks can target both working files and backups, and when both are compromised, a healthcare provider is really in trouble.
They are also really in trouble if they have a clean backup but don’t have the confidence that it is complete, or the capability to restore it at speed. There is a very real sense in which restoring a clean, complete backup is a key capability in the fight against ransomware attacks.
This is not a revelation, so what’s stopping healthcare organisations from getting to a position where they have clean, complete backups, and can restore them at speed?
The central role for effective data backups
Backup systems can be low in the pecking order when finances are scarce, with the priority given to live systems. But backups are live too. And they can play a central role in modern compliance requirements. For example, the GDPR, which applies to any country that handles data of a European citizen, requires that personal data is stored securely, that it is easily located, and easily deleted when not required. Including from backup systems.
Being confident that an organisation can get back up and running quickly with the most up to date information restored after an issue is vital, and in healthcare lives can depend on it. This makes having state of the art backup systems a ‘must-have’. Yet far too often, we see both backup and recovery systems that are time-consuming, and that have not been tested for a long time, so there is little confidence that they really can restore everything.
Backup systems also need to be as robust as live or production ones when it comes to data security. Ransomware attacks are here to stay, and they are known to target the healthcare sector because of the vast swathes of personal data. One way to fight a ransomware attack is to restore a clean, up-to-the-minute backup, albeit not the most recent as that itself might be compromised. Legacy systems will not provide the frequency of backups needed to eliminate data loss, and might not provide the required level of assurance. There is little point spending time, effort and money restoring a backup that is itself compromised.
Just keeping legacy backup systems going is not an option due to the higher total cost of ownership compared to modern approaches, they require significant management time, and can often need a specifically dedicated and expensive headcount.
Enhancing security and compliance
Replacing a legacy backup system with something more modern, that takes a more advanced approach to data management reduces backup and restore times, and at the same time provides enhanced security and compliance. When Cohesity provided Riverside Healthcare, operating in five counties in Illinois, Texas, with backup and restore services, it gained time savings of 70 percent for backup and restore. Not only that, but its data storage capacity requirement was also reduced by 50 times. A single virtual machine can be restored in minutes where previously it took hours.
Such time savings can be of immense importance when accessing an EHR could be time-critical for an aspect of patient care. But to achieve this while also making cost savings is a double win. Lowered storage capacity requirements are one aspect of tangibly reduced TCO. At Riverside Healthcare data centre storage was reduced both by eliminating the use of tape and by requiring considerably less rack space than previously. In fact, the overall cost saving was more than 30%. It so happens that Riverside Healthcare uses Epic, but the principle applies to any EHR system.
Access is the key
What matters most with Electronic Health Records is their availability. There is little point creating them if all you’re doing is providing target practice for bad agents and their ransomware. To ensure EHRs are indeed available whenever they are needed, a healthcare provider needs confidence that their backup systems are reliable, safeguarded from attack, and can be restored at speed.
At the end of the day, healthcare backup systems that use legacy technologies are expensive to maintain, challenging to scale, provide a lack of consistent security cover, don't enable mass file restore, and are unlikely to deliver at the speed required when they are most needed. It’s time for healthcare companies to re-examine their strategies for data management because failing to do so could have dire consequences.