Healthcare IT Continues to Struggle with Backup Strategies

Improving IT security, reducing IT costs and delivering higher service levels are among the top IT priorities for the healthcare industry, according to the Kaseya 2018 State of IT Operations survey report.

Data security has become critical to the healthcare industry as patient privacy hinges on HIPAA compliance and the secure adoption of electronic health records. This is indicated in the survey, with 78% of the respondents naming HIPAA as the most critical compliance requirement adopted by the industry, and 19% of the respondents seeing cybersecurity and data protection as the top technological challenge in 2019.

Are the right measures, however, being taken by the industry to secure this data?

Confidential patient information is usually stored in emails, files, print servers, document libraries (e.g. SharePoint), and access databases. These are all generally backed up.

But while 63% of the respondents mentioned Office 365 as the most used SaaS application, 54% did not protect their SaaS data with any backup and recovery solution.

This is a red flag for any healthcare organization. SaaS vendors, like Microsoft, protect your data from issues on their side — outages due to server failure, malware and hacking, and infrastructure failures — but they cannot protect you from you (or your end users). [Read “Get the Real Scoop: Office 365 Backup Policies and How to Fully Protect Your Data” for detailed information.]

Office 365 and SharePoint Online BackupBackup and data recovery in healthcare is also critical for recovering data during cyberattacks or natural disasters, for example.  To ensure an organization can quickly come online after a network outage (50% of the respondents stated to have 2-4 outages in the past year which have lasted longer than 5 minutes), a seamless recovery plan compliant with HIPAA is essential.

“As an FDA regulated business, we have certain strict compliance requirements. The biggest is going to be data retention, being able to keep data for an indefinite period of time,” explains Todd Miller, Director of IT at Millar Inc.

Ransomware and Healthcare

Cybercriminals recognize hospitals and healthcare as large and potentially vulnerable targets. Ransomware attacks can lock-up patient-electronic medical records, and even backup files. In their 2018 Annual Cybersecurity Report, Cisco estimated a 350% year over year growth rate in ransomware attacks. And sadly, SaaS applications like Office 365 are not immune to ransomware.

As stated in a Forrester Research report, “Cloud-to-cloud backup is the only practical option for SaaS data protection.” Implementing a trusted backup and recovery solution is a proactive means of protecting your data and your organization. And if ransomware does strike, backup solutions, like Spanning Backup for Office 365, can restore your critical business data to the last ‘clean’ version before the attack occurred. This restore capability minimizes the hefty cost of employee downtime as well as eliminates the need to pay a ransom.

For more information on how to protect your Office 365 data from a ransomware attack, read this blog to understand the anatomy of a ransomware attack, followed up with tips on protecting your data in Office 365. Make 2019 the year that data disasters become a thing of the past.

[Whitepaper] Getting your cloud strategy on solid ground: Protect data in cloud apps with PHI

An earlier version of this blog first appeared on the Kaseya website.