The Importance of Data Storage and Backup Safeguards in Healthcare Cybersecurity
In the rapidly evolving digital landscape of the healthcare industry, cybersecurity has become a top priority for many organizations. This shift, according to Henry Baltazar, research director for the storage practice at 451 Research, has been particularly noticeable over the past couple of years due to the increasing number of ransomware attacks.
One example of this heightened focus on cybersecurity can be seen at Kelsey-Seybold Clinic, a multidisciplinary clinic system with locations throughout the greater Houston area. After experiencing a ransomware attack in 2015 using a zero-day variant of CryptoLocker, Kelsey-Seybold Clinic has since strengthened its defenses. Their storage team, for instance, now relies on immutable backups created with a Pure tool called SafeMode, ensuring that data can be quickly restored in the event of an attack.
The clinic's focus is now on protecting the network and endpoints, as these are often the weak spots that hackers target. To achieve this, Kelsey-Seybold Clinic employs a range of security solutions, including Palo Alto Networks and SentinelOne.
Similarly, Enloe Medical Center, a U.S. health organization that has operated a branch in Germany since 2021 (as per the Centers for Disease Control and Prevention (CDC)), has also bolstered its cybersecurity measures. Enloe Medical Center uses a HIPAA-compliant archiving software from Germany-based iTernity to protect data against manipulation and deletion. Additionally, they have installed a four-node 3PAR system in their on-premises data center and a separate two-node system in a colocation facility in Nevada.
Enloe Medical Center's data protection and restoration is facilitated through automatic volume snapshots and backups made using software from another vendor. Moreover, they employ a multipronged cybersecurity approach that includes data encryption and a strong recovery methodology.
The importance of robust cybersecurity measures in the healthcare industry is further underscored by statistics. According to a 2021 HIMSS survey, 67% of healthcare cybersecurity professionals reported a "significant" security incident in their organization that year. The average cost of a healthcare data breach in 2021 was $9.23 million, as per an IBM report.
Marc Hrzic, senior director of IT at Pittsburgh-based UPMC, echoes these concerns, stating that the challenge is to do everything right all of the time to prevent a ransomware attack, as the perpetrator only needs to get in once to cause significant damage. UPMC, for their part, uses IBM Spectrum Storage, Dell EMC tools, and the IBM FlashSystem platform for their storage protection strategy.
As more organizations move towards public cloud storage as part of their data strategy, as noted by Baltazar, the stakes have never been higher. It is clear that in the face of rising ransomware attacks, the healthcare industry is responding with a renewed commitment to cybersecurity.
