Addressing Healthcare’s Backup Problem

Updated on October 22, 2024
Technology Every Healthcare Facility Needs

Healthcare remains one of the biggest targets for bad actors; last year, the sector reported the most ransomware attacks of the 16 industries identified as critical U.S. infrastructure. The ransomware attack against Change Healthcare in March continues to have a ripple effect – and in fact, the resulting $22 million payout the ransomware actors received seems to have inspired copycats.

Researchers at Recorded Future found there were 44 attacks against the health care sector the month after the Change attack, the most they’d seen in the four years since they started collecting this data. 

Healthcare organizations have massive amounts of sensitive data that must be protected, so they must have a strategy for keeping that data safe in the event of an attack. 

The need for end-to-end cyber resilience

Healthcare organizations today need cyber resilience. This refers to an organization’s ability to manage people, processes and technologies to withstand cyber-attacks and their ensuing results. It also needs to encompass protective measures that minimize the impact of disruptions if and when an attack occurs.

A solid backup strategy is vital. Backups can serve as a critical component of cyber resilience; these are a way to recover data in the event of accidental data loss or malicious attack (i.e., ransomware). However, backups are increasingly under attack by bad actors as well. A recent report by Sophos found that cybercriminals attempted to compromise the backups of 94% of companies hit by ransomware last year. (That’s not just for healthcare, but it’s worrisome for all highly targeted industries.)

Given this reality, immutable storage has emerged as a central pillar of cyber resilience strategies worldwide, including within the healthcare sector. One recent study found that 94% of IT professionals now rely on immutable storage to defend against ransomware. 

Making data immutable means that bad actors can’t encrypt, change or erase backup data. This allows organizations to always have a clean backup to restore from. It also prevents bad actors from collecting a ransom because the organization has rapid access to that clean backup.

Is immutability enough?

Although a significant percentage of leaders say they’re using immutable storage, ransomware attacks are on the rise. What gives? Part of the problem is that not all immutability is created equal. You might think you have immutable storage, but the reality is that most immutable storage solutions fail to deliver on their promise. 

The standard procedure is to create immutability via periodic data snapshots, which may come hours or days apart. This means there are gaps in data retention and the possibility of data loss. Instantaneous immutability is possible for file system-based solutions if they support the S3 Object Lock API. However, since the underlying file system can still be changed, the data is still susceptible to attack below the API layer.

Truly immutable storage is an approach wherein once data has been written, there is no way to change or delete it for a set period. This preserves a copy of the data, rendering ransom demands ineffective. Unfortunately, most immutable solutions don’t have the degree of protection they claim. Only intrinsic immutability, using S3 Object Lock implemented on a native object storage architecture, can prevent the vulnerabilities noted above. Using the S3 API allows teams to constantly save and store data every time it is written – not hours or days later – and at petabyte scale. 

At the same time, the object storage architecture beneath guarantees that stored data can’t ever be deleted or overwritten, even if a bad actor gets past the API layer. The result is that, no matter what happens, data can always be restored from any backup. 

The need for disaster recovery

Immutability and fast recovery are critical for healthcare data storage, backup and recovery. Object storage’s role in data immutability is making deletion and overwriting of stored data impossible. It’s essentially a bulletproof anti-ransomware solution. It also offers the lowest possible Recovery Point Objective (RPO) and Recovery Time Objective (RTO).

The healthcare industry operates in silos. IT professionals must identify and prioritize mission-critical use cases that require the most robust, end-to-end, cyber-resilient measures in place. To build a resilient disaster recovery plan, organizations must ask:

  • Who should own your disaster recovery plan? 
  • How often will it be updated?
  • What role should technology play in your organization’s backup and recovery strategy (eg. what are the components of it)? 
  • How should the organization train/educate staff on backup and disaster recovery procedures? 

Securing healthcare data

Security modernization must be a priority as the healthcare industry faces increasing attacks. The attack against United Healthcare’s Change Healthcare continues to significantly impact patients and doctors, and it’s been called the worst healthcare hack ever reported. Today, ransomware attacks are inevitable, and IT professionals at healthcare organizations must develop a strong, successful backup strategy that includes immutability. That will make this facet of America’s critical infrastructure impervious to ransomware and ensure patients get the timely care they need.

Candida Valois
Candida Valois
Field CTO at Scality

Candida Valois is field CTO for Scality. A software developer by background, she has over 20 years of experience in designing and deploying complex enterprise IT systems with a deep skillset in architecture, software development, services and sales for various industries.