When it comes to cyber-attacks we’ve all heard the saying: “It’s not a matter of if, but when”. Unfortunately, this saying has proven to be true over and over; especially with healthcare organizations.
In 2017, the healthcare industry experienced 336 reported breaches, according to Identity Theft Resource Center (ITRC), with 4.93 million records exposed.
Although we are barely halfway through 2018, there have already been 93 reported healthcare breaches with 980,136 records exposed, according to the ITRC.
While implementing technologies to help protect personal health information (PHI) and personally identifiable information (PII) from a cyber-attack is important, these days it’s just as important, or possibly even more important, to make sure you have the technologies and tools in place to recover after a cyber-attack.
Healthcare organizations especially need to be on high alert because, should they be the target of a cyber-attack, the stakes are high. For example, suffering a ransomware attack would not only cause a healthcare organization to lose revenue, it would also negatively affect patient care as well as expose the organization to fines and other penalties due to compliance and HIPAA violations.
Unfortunately, healthcare organizations are up against a strong opponent that is evolving quickly and continuously. For example, Cerber, currently the most prominent ransomware family, releases an updated variant of their ransomware every 8.4 days, according to Barkly, an endpoint security company.
With healthcare organizations finding they need to implement and protect more and more systems, not only to run the healthcare business but also provide quality patient care, backups and disaster recovery alone are not enough to recover from an attack.
Let’s take a look at a technology and best practice that could help your healthcare organization recover from a cyber-attack or ransomware attack without having to pay the ransom.
Isolated recovery: What it is and how it can help
To ensure your healthcare organization can recover after a cyber or ransomware attack without having to pay cyber criminals, implementing isolated recovery technology, in addition to backups and disaster recovery, can be a good option. Backups are copies of PHI, PII and any other valuable data on tape or disks. Disaster recovery is where a hospital, for example, will create copies of critical data and store them in a different facility so that even if the hospital is destroyed the data in a different facility is protected.
Isolated recovery, however, is different from backups and disaster recovery. PHI, PII and other valuable data are replicated and a second copy is stored in a secure cloud or secure data center offsite. Then, the recovery system in that offsite secure cloud or data center is disconnected from the network so the data can’t be accessed. This disconnection from the network is known as an Air Gap. While the data resides in the secure cloud or data center, the data will be monitored and tested to ensure it has not been tampered with.
Typically, the healthcare organization will frequently update the data stored in the secure offsite cloud or data center and then, should they ever need to recover data due to a cyberattack destroying or compromising their most critical data, they can do so knowing the data has not been tampered with.
While these are just the basics of what isolated recovery is and how it can help a healthcare organization recover from an attack, it is only the beginning. The importance of being able to recover from an attack can’t be stressed enough.
Learn more about isolated recovery here.