Avoid IT Disaster with Disaster Recovery Services
November 2, 2017
In May 2017, ransomware hit 99 countries. It was the first time global attention focused on this form of cyber attack – and the sheer magnitude of these breaches was particularly newsworthy. At least 75,000 companies and government offices were affected, including hospitals. In the U.K., sixteen state-run hospitals were disrupted, with some departments canceling services – including ER care.
This post looks at the incidents of ransomware as one example of how hospitals need to be sure their operating systems are up to speed and data backups are robust. What is ransomware and why is it still a threat? Could disaster recovery services in the cloud be the best medicine for hospitals experiencing service disruptions?
What is Ransomware and Why are Hospitals Vulnerable?
Ransomware is a form of malicious computer virus that locks up data until the victim pays a ransom to release it. Malware such as WannaCry, the virus that caused the biggest cyber breach to date, is typically delivered in the most innocuous fashion possible – through a normal-looking email. Users click the email thinking it is legitimate, and it downloads the virus, encrypting hospital data and disrupting operations.
Fighting these threats, of course, is particularly critical in the healthcare field, where service disruption could mean lives lost. Ransomware attacks are not new; they are simply bigger in scope. The irony, as pointed out in Wired, is that experts have been warning users about the Windows vulnerability that allowed the breach to happen. Simply put, there were two ways to prevent WannaCry, but because these businesses did not follow best practices, they were infected:
Healthcare providers have traditionally lagged behind in budgeting for disaster recovery services, even though the alarm has been sounded for the past several years. With the onset of electronic medical records, HIPAA forced many CIOs to comply with the regulation that any organization that handles Personal Health Information (PHI) or Personal Health Records (PHR) establish a disaster recovery services plan.
Under HIPAA and HITECH regulations, some healthcare providers have opted for virtualized disaster recovery services as a lower cost yet secure way to ensure business continuity no matter what type of disaster threatens their data.
Virtual Disaster Recovery Services for Healthcare Providers
Creating a virtual server in the cloud is one way to ensure the return to business as usual and minimize patient disruption during a ransomware attack. The organization is typically able to transparently move operations to the cloud until the physical hardware can be recovered.
But disaster recovery services in the cloud are not as simple as they sound; HIPAA, PCI DSS compliance, and Joint Commission requirements all entail special procedures that require an experienced IT team to enforce. Under these regulations, there are three primary plans for disaster recovery that healthcare providers must maintain:
Many healthcare providers opt for outsourcing disaster recovery services in order to handle compliance as well as security. Leveraging virtual machines in a remote data center is one way to ensure off-site data backups and to use the cloud on the fly in the event of a physical on-site disruption such as a power outage or flood.
HITECH has endorsed the virtual approach as viable for disaster recovery services, and Gartner called the technology “mature” in 2016. The benefits of virtual disaster recovery services include:
In today’s regulatory-laden and cost-conscious environment, virtual disaster recovery services are a viable option for everything from the smallest practices to the largest system. The benefits, in fact, stretch beyond healthcare to include businesses in all sectors. Creating virtual machines in the cloud with real-time backups is in fact the best approach to stopping a ransomware attack in its tracks – or any disruptor that threatens core business functions.
Contact TOSS C3 today to discuss how our team could help your healthcare organization create a virtual disaster recovery services plan and implement it as a fully compliant option to keep patients safer and avoid IT disaster in 2018.