Hacked! Disaster Recovery Services for Healthcare Providers

March 19, 2020

2018 was a good year for healthcare hackers. Becker’s Health IT & CIO Review says there were 945 data breaches in the U.S. These incidents illustrate the importance of disaster recovery services in healthcare and other fields as a way to mitigate risk.

This post explores the data breaches in healthcare this year as cautionary tales for the unprepared. How can disaster recovery services help healthcare providers shore up vulnerabilities? How can disaster recovery also help hospitals during natural disasters or other service delivery disruptions?



Hackers Strike – Incidents

A laundry list of hacker incidents by the midpoint of this year showed that the size of the facility was less important than the holes left in its infrastructure. Here are some of the statistics that healthcare providers should note, as taken from the pages of Becker’s:

  • Healthcare accounted for more than 22% of all data breaches in the U.S. this year.
  • Highlighting the vulnerability of employee error, phishing scams ranked as the number one way for hackers to break into systems. Phishing refers to fraudulent emails that contain malicious computer viruses.
  • California healthcare providers experienced the highest volume of data breaches this year, with more than 100 reported in the first six months.
  • A full 60% of these breaches exposed patient social security numbers.

In what may be called an ironic twist, Becker’s published the results of a Medical Group Management Association (MGMA) poll at the same time as the release of these hacker statistics. The MGMA poll showed that 55% of healthcare providers believe their organization is safe from cyber terrorism threats.

In the meantime, the Identity Theft Resource Center (ITRC) reported approximately 12.4 million people had their information hacked this year. That’s a 37% increase from 2016.

To harden their infrastructures, the MGMA Government Affairs committee recommended the following for all healthcare providers:

“…conducting a HIPAA security risk assessment, updating operating systems and antivirus software, encrypting systems and files containing patient information and frequently training staff on malware protection protocols.”



Weathering the Storm with Disaster Recovery Services

HealthTech Magazine illustrated the number one thing that hospitals, medical practices, and other care delivery entities can do to protect their data: create a strategic disaster recovery plan. The article points out that natural disasters are just as prevalent as cyber terrorism and healthcare providers must prepare for both.

In an article called “Strategic Tech Planning is the Heart of Healthcare Disaster Recovery,” HealthTech Magazine interviewed several forward-thinking CIOs about the techniques they’re using to prepare for the worst possible outcomes. For example:

  • The four hospitals at Health First in Florida recognized their propensity to endure hurricanes, given their geographic location. The CIO took steps to create redundancies that allowed the facilities to transfer data and workflows to another facility during a hurricane or other crisis.
  • Baystate Health in Massachusetts upgraded its data centers to a hyper-converged, resilient model with servers located in three locations. The CIO noted that these locations could be siloed, which could isolate a data breach and prevent it from spreading throughout the network. The provider also stated it was moving some crucial functions to the cloud to add more redundancy and security.

Clearly, the move to the cloud isn’t as controversial in healthcare circles. A HIMSS Analytics 2016 Cloud Survey pointed out that 47% of providers were planning to use it for business continuity and disaster recovery services. Health First utilized a hybrid model, which ultimately swings into effect anytime a hurricane threatens. This attitude signals a new approach by healthcare CIOs who have been reluctant to consider the cloud as a safer option than on-premises deployments.

Disaster Recovery Services Requires Planning

Preparing for such an event requires detailed planning along with hardening of technology infrastructures. While the response to a hacker breach is different from preparing for a tornado, the planning process is the same.

Disaster recovery services planning requires detailed plans that take into account the internal people, processes, and technology. At the same time, creating an external communications plan will help customers and other stakeholders understand what’s happening and how your facility is responding. Conducting drills to test these scenarios is a best practice for disaster recovery.

With the cost of an unplanned healthcare data center outage averaging $918,000, according to the Ponemon Institute, hospitals can’t afford not to develop a disaster recovery services plan for the future.

Get peace of mind – get a disaster recovery plan in place. Request a quote on TOSS C3 disaster recovery services.
