Opinion Piece: Why checkups shouldn’t only happen in a doctor’s office: protecting data in the healthcare sector

By Peter Godden, VP of EMEA at Zerto

Healthcare IT is faced with many evolving threats and challenges. Regulation in the sector is constantly evolving, creating a greater need for uninterrupted IT services, and cyber criminals continue to present a bigger problem. By targeting hospitals zealously with ransomware and pushing victimised organisations to succumb to their demands, hackers quickly acquire mission-critical, personal data. In the last quarter of 2016 alone, the healthcare sector accounted for the highest number of data security incidents, with 221 cases reported.

These figures are especially striking when you consider that healthcare data is among the most critical data that IT professionals are tasked with managing; quite literally, lives can hang in the balance. Yet so many healthcare organisations are unprepared to defend against, address and recover from disaster when it strikes. In today’s data-reliant environment, if a healthcare organisation’s recovery times are being measured in days or even hours, the damage can be catastrophic from both a corporate asset and patient care perspective.

All organisations, but particularly those in mission-critical industries, must be able to successfully migrate data or recover from a crisis, with minimal impact to critical applications. Doing this efficiently relies on regular testing to guarantee the availability of vital information at all times.

At the forefront, patients have become more demanding and engaged. They expect to have access to information online or through a mobile app – which further exposes IT to threats as vulnerabilities enter the internal system through external users of the network.

On top of all of these challenges, the biggest problems can be less sinister. Numerous self-inflicted issues affect organisations, including inexperienced staff that accidentally shut down a server, or a program that has been configured incorrectly. One of the more troubling sources of interruptions is the regular and routine software upgrades or patches from vendors, which are sometimes not of the highest quality and very often exceed the capacity to adequately test an environment.

While IT is being used to create a competitive advantage, it’s also creating a stronger dependency on data to keep operations running as normal. With this ever-increasing dependence on data, healthcare IT organisations must put strategies in place to ensure there is never any downtime. They can achieve this with new cloud-friendly technologies that allow dramatically simpler disaster recovery and make non-disruptive testing possible, at any time. With these advancements, healthcare IT organisations can accelerate service levels and maximise uptime in the event of an attack, disaster or error.

The Cost of Downtime

When most organisations hear the term ‘downtime’, the primary concern is the financial impact on the business. Unplanned outages can be one of the biggest expenses any business can face, making extended periods extremely costly. But in healthcare it’s about so much more. What must be accounted for is the potential detriment to the quality of patient care. This is, of course, harder to quantify, but is certainly the highest-priority factor to consider.

Eliminating the threat

When it comes to cybercrime, Plan A is to keep hackers and malicious intent out. Securing the network and educating employees on the risks is essential to this plan. A hacker only needs to be right one time while the corporate IT department has to be right all the time in order to keep hackers out. Therefore, IT needs to have a Plan B. What happens if they do get in? What is the recovery plan? Being able to recover to a previous point in time, perhaps even a second before the disruption, will enable organisations to “undo” the ransomware attack and recover quickly and easily.

DR plan testing without disruption

Non-disruptive DR testing is key here. Healthcare organisations need to be experts in the event of an outage, and if the precedent is to test the availability of an infrastructure once a year, this may be an unobtainable dream. Frequent testing is very important – each quarter is ideal. The point of testing is to ensure that each part of the disaster recovery plan is functioning seamlessly, that a healthcare organisation can fail over manually in a few clicks and that it’s possible to get comprehensive, easily accessible reports on testing. It’s these reports that will make the compliance officer and IT department new best friends.

Without regular, real-time testing, there is no clear insight into how complex IT systems are working or whether they can save mission-critical data from interruption if disaster strikes. Testing also presents a chance to identify and rectify IT issues which may otherwise go unnoticed.

Ultimately, the only way to guarantee the availability of patient data and the resilience of IT is through routine check-ups.