Healthcare Disaster Recovery Advice That Will Maximize Uptime
By: Ernest Sampera on September 30, 2019
As organizations become more invested in developing new strategies to gather insights from healthcare data, they have made themselves more vulnerable to the risk of a disaster that inflicts system downtime. Maintaining uptime availability and minimizing recovery time objectives are crucial goals for building sustainable success in the healthcare industry, making it more important than ever for companies to refine their disaster preparedness and recovery plans.
Importance of Healthcare Data and Electronic Health Records
Today’s healthcare providers are focused on building data-driven systems that have the potential to dramatically improve patient outcomes. Nearly three out of four healthcare organizations today have a defined data strategy to capitalize on the opportunities presented by big data analytics. Many companies are also investing in the data and network infrastructure necessary to support technological innovations like augmented and virtual reality, Internet of Things (IoT) functionality, and artificial intelligence applications.
Of course, the privacy demands of HIPAA compliance always loom large over the healthcare industry. Every data management solution must meet these strict requirements to ensure that patient health information is protected. Failing to do so could expose companies to substantial liabilities, which is why any organization responsible for handling healthcare data and electronic health records needs to have a disaster recovery plan in place.
Disaster Threats Facing Healthcare Companies
There are a number of potential disasters that could have an impact on healthcare companies, but there are three major threats that keep healthcare disaster recovery experts up at night.
Perhaps the most dramatic threat to healthcare data, a natural disaster has the potential to devastate both virtual and physical infrastructure. While most data solutions take natural disasters into account, for instance by locating data centers away from major flood zones or incorporating elaborate defenses against earthquakes, in some cases there’s simply no avoiding the destructive power of Mother Nature. The mile-wide tornado that ripped through Joplin, Missouri in 2011 provided a frightening example of how a severe weather event could endanger healthcare data. The tornado completely destroyed St. John’s Regional Medical Center, rendering its on-premises data center useless. Fortunately, the hospital had recently completed a full migration to a nearby data center and no data was lost, but the incident provided a powerful reminder of the damage a natural disaster could inflict on a healthcare provider.
Some of the most high-profile cyberattacks of recent years have involved ransomware. This particularly insidious form of malware encrypts data so authorized users can’t access it. The attackers then demand a ransom (usually payable in cryptocurrency) in exchange for a key to unlock the files. Of course, in most cases, the key is never delivered after the ransom has been paid, which is why cybersecurity professionals advise against giving in to the attackers’ demands. Unfortunately, many forms of ransomware go so far as to delete encrypted files if the ransom isn’t paid. The healthcare sector, in particular, has become a prime target for ransomware due to the sensitive and valuable nature of protected health information. In most cases, having a backup solution in place is the best way to avoid losing access to essential healthcare data.
Unfortunately, the healthcare industry is no stranger to data breaches. The pace shows no sign of slowing, as 2019 has already proven to be a record-setting year for cyberattacks involving healthcare data. More troubling is the fact that the healthcare industry accounts for a quarter of all data breaches. Part of the reason healthcare companies make such an enticing target is the sheer scope and volume of data to be found there. While cybercriminals might not have much interest in lab results or medical diagnoses, they’re very interested in the personal information of the patients and the financial information they used to pay for those services. Given that so much data flows through the healthcare system and passes between multiple vendors, there are many opportunities for malicious actors to launch an attack on these systems.
Business Continuity and Disaster Recovery in Healthcare
In the event of a natural disaster or cyberattack, healthcare organizations don’t want to be left without access to critical data. In the case of a serious weather event, patients will still need to access their data both during the threat itself and in the period after it passes. With cyberattacks, any data breach brings with it the risk of data being altered or destroyed. If an organization has redundancies in place, it can continue to provide data and services even if it has to shut down some systems in response to an attack. Having a solid backup solution in place is critical to maintaining data availability and ensuring a swift service recovery timeframe.
For most healthcare companies, data centers represent the best option for implementing a backup solution. Whether they deploy a cold site backup, which provides them with space and resources to get new equipment up and running in the aftermath of an event, or a hot site backup, which maintains a completely parallel backup system ready to take on a primary role at the flip of a switch, will depend upon the organization’s needs. Companies that provide healthcare services and rely on data to make decisions and administer treatments will likely need a fully redundant hot site solution that ensures sustained uptime availability. Organizations involved in the financial side, such as billing or administrative contractors, might be able to tolerate longer periods of downtime that come with a cold site backup.
Determining an organization’s tolerance for downtime is the first question that needs to be answered when it comes to healthcare data. Hospitals and other providers that deliver care often cannot afford anything less than full redundancy and the fastest possible recovery time objectives. These solutions are often more expensive, involving setting up a parallel system of servers or virtual private clouds through a hosting provider to ensure that all healthcare data is fully backed up. Organizations with less restrictive recovery time objectives can afford to use various forms of cold site backups, which could include work area recovery solutions or “warm site” solutions that incorporate elements of cold and hot site backup.
Whatever backup strategy a company pursues, it must make sure that its data management is in full compliance with HIPAA regulations to avoid the threat of fines and liability. As the threat of data breaches and the cost of data redundancy continue to grow, developing a customized solution for healthcare disaster recovery is more important than ever.
About Ernest Sampera
Ernie Sampera is the Chief Marketing Officer at vXchnge. Ernie is responsible for product marketing, external & corporate communications and business development.