Given the increasing importance of data within your facility—especially since the implementation of HIPAA-HITECH, your hospital or clinic needs a proper plan for preventing long-term or even permanent data loss, resulting in complete disaster if a cyberattack were to hit your facility.
Why Do You Need To Back Up Your Data?
According to healthcare IT research, it will only take a week for one in five healthcare facilities to become unprofitable once access to certain critical data is lost (19%). This number is anticipated to grow to 37% within three weeks after an incident and 53% within a month. And after three months, only 35% of facilities are expected to survive such large amounts of downtime or inaccessibility to critical information.
Backups can mean the difference between having nothing to stand on and having a sure footing.
Threats To Your Data
The rise of hackers and online scammers has put your entire operations at risk. To make things worse, there are a slew of other attacks and major threats your security team needs to be constantly be thinking about when it comes to your backups:
Cyberattacks, which can be carried out inside or outside of your facility. Examples include
Theft or destruction of data storage devices
Human error—employees accidentally deleting critical data
Hardware failures—have the lights ever gone out in your hospital? This is the perfect time to lose data (even large chunks of it!).
Software failures, Power outages, Internet outages, Damage to storage devices are all reasons why you might need to restore from backup.
What Data Should You Prioritize?
Can you really be fully certain that you are classifying all of your critical data as such? We advise to back up all data that your facility uses and collects to be on the safe side. But most hospitals and clinics identify the following as critical data that needs protecting and backing up:
Shared Data—any files and documents that are centrally stored, for instance on a network drive.
End User Data—employees do not always keep copies of their critical documents in central locations. Some might have a specific folder they dump everything or use their desktops, just as they have critical notes or papers on their actual desks or walls of their cubicles. It is especially essential that you also backup data directly from each end users, especially in areas that are critical to your facility’s operations.
Software—don’t forget to make copies of your software—the software that you depend on for your continuity. This is probably routinely used platforms, including software that is necessary for critical roles within your business office. Otherwise, you will have to purchase or download new copies once you recover your backup at some point and it might not be configured the same as your user remembers it.
Metadata—this is information detailing how you have everything configured on your systems. Without this data, your digital work environment might not be completely restored to how it previously was.
How Frequent To Back Things Up?
I get this question all the time from CEOs and administrators unsure if their backups are effectively keeping their facilities secure. I advise to backup data every 24 hours. This strategy is based on when most organizations relied on tape-based backups that were performed every night. To eliminate the risk of permanently losing a day’s worth of critical work—often a great loss in itself—I want you to consider automatically backing up at least once a day from all systems. Automated systems allow for much more frequent backups of any changes made—even at intervals of minutes. Full system backups are safe to run daily, but for workstations or servers that are constantly storing new data, consider more frequent backup increments.
How Many Copies And Where To Store Them?
There’s an unofficial rule of 3-2-1, where organizations should have at least 3 copies of their data and these copies should be stored at least two different locations, one of which should be offsite. For more security, you should opt for a 3-2-2 approach where at least two copies of your data are stored offsite in two different locations. Keeping onsite copies allows for the fastest recovery after an incident, but it is essential to store one copy remote OFF of your network, to rule out the very real possibility of a virus or a fire destroying all of your backups. Warning: backups on your network is a very common mistake and viruses are trained to search and destroy backup files. I have had to recover hospitals that kept everything on one network and were left with next to nothing to quickly recover from after a cyberattack. This increases your risks for disaster even more real and the time to recover if you are even able to – to months and hundreds of thousands of dollars.
