Disaster recovery is not specific to natural disasters. By likelihood, one of the most relevant disasters is cyber crime in all its forms. With cyber criminals targeting healthcare organizations on such a large scale with things like ransomware, it is crucial to have proper backup systems in place.
The cost-to-value ratio associated with cloud/remote storage solutions has sharply declined within the past five to 10 years. This holds true even though the amount of unstructured data has increased significantly in that same time frame. For example, Faith Regional Health Services says it decreased hardware costs to $100,000 from $400,000 by migrating to the cloud.
Hospital data systems, like Faith Regional’s, are now increasingly located virtually; an estimated 9 out of 10 companies will have some part of their infrastructure or applications in the cloud by 2021. HIPAA regulations say healthcare data should be both recoverable and usable if a system stops functioning as originally intended.
Here are a few tips to ensure your backup systems are functional and compliant when you need them:
5 Tips to Protect Your Backup Systems
1. Diversify Storage
Think about diversifying where you are putting your storage and backup systems. It is important to consider how accessible, vulnerable and maintainable each type of location will be. There is value in having on-premises backups, but on-prem solutions are limited by their cost and risks. In the case of physical disasters like earthquakes or hurricanes, remote disaster recovery/data backup systems are the best types of solutions to have in place. The most effective approach to data backups is a combination of on-prem, cloud, and remote storage solutions.
2. Encrypt Backups
Although this should go without saying, it is worth mentioning. Please encrypt all backup data, both in transit and at rest. This is the simplest piece of the puzzle, yet in some cases it gets overlooked.
3. Audit and Manage Access
Monitoring, managing and auditing access controls is not only important for HIPAA purposes, but also affords you the ability to reinforce good procedures and policies around your data management solutions. It will also help significantly with any investigation or data forensics that needs to take place if there is a breach.
4. Train Personnel
Time is money; in healthcare, this is truer than ever before. Data loss can cause substantial amounts of downtime and drops in productivity. This, consequently, results in financial ramifications for the institution. Training personnel to get systems back up and running in as little time as possible could minimize this outcome. Having periodic “disaster drills” for your staff will keep them keen on how to effectively access and restore backups to allow for business continuity.
5. Test Systems
Periodic testing is paramount. Even if your personnel are trained and your storage is encrypted and diversified, it would all be for nothing if, on the day you needed your backups, you realized the vast majority of your files were corrupted. Do not neglect testing your backup systems; neglecting it will likely undermine all your other efforts.