In recent years, the healthcare industry has been hearing the siren call of technology, catalyzing the use of tablets and electronic medical records in the examination room and ER. Traditional solutions in the sector previously relied upon on-prem servers to ensure control and security of data. Now, having moved many systems online and into the cloud, the industry is dealing with one of the inevitable downsides: hackers. From doctors’ offices to medical practices, hospitals to clinics, the healthcare industry has found itself to be an extremely attractive target for online threats such as ransomware, which holds systems and data hostage and can have medical staff working in the dark, relying on pen and paper for days on end.
With advancements in cloud technology, including access control, encryption, audit trails, and disaster recovery as a service (DRaaS), hospitals and medical centers no longer have to postpone surgeries and treatments when experiencing downtime, whether due to a breach or disaster. While the healthcare industry may be an attractive target, with resilient IT infrastructure, systems can be back up and running in hours instead of days, with all primary infrastructure intact and functional.
Here’s how the healthcare industry can continue its march to technological efficiency without resigning itself to ransomware and other threats as simply a cost of conducting business online:
Take inventory of all critical IT infrastructure
The first step in working toward greater IT resilience is to get a firm grasp on your working environment. It is imperative to understand which of your systems are critical and necessary to keep day-to-day operations running smoothly. For a doctor’s office, this may be an application for managing patients’ appointments. For a hospital, it may be something more significant around records access. Other systems, while useful, may prove to be less critical upon reflection and more easily replaced with manual processes in the event of a disruption.
Understand downtime thresholds
Next, you need to carefully examine how much downtime you can withstand as a worst-case scenario. In the event of a power outage, natural disaster, or other disruptive event, how long could you successfully continue offering critical services? At what point would a lack of specific systems impede your capability to continue providing service? Knowing this yields a valuable metric—your recovery time objective (RTO)—to focus on when planning your IT resilience strategy.
Investigate back-up systems for various outage types
Not all disasters are created equal. A power outage presents a drastically different scenario from having your data held hostage by ransomware. Now that you have identified which systems are critical and how long you can effectively make do while you work to get them back online, you need to plan and implement appropriate back-up systems. While important data corrupted by something as simple as user error may be restored easily, a power outage requires more resources, like a back-up generator.
Data backup and back-up generators, however, are just a first line of defense. When application servers become inoperable, for example, bringing applications back online is not as simple as restoring a backup. Often, entire environments need to be recreated, which can be a time-consuming process if performed manually. Recent developments in cloud technologies have made DRaaS possible, which can quickly—in hours, not days—bring critical systems back online. In addition to bringing applications and server environments back online after a crash or outage, DRaaS can assist in the event of a ransomware attack.
Budget for resilience
As with any business, you will need to fit IT resilience into your budget. At first glance, it may seem like an additional cost, but there are a few places to save on expenses. Moving away from replicated data centers and management of redundant infrastructure, for example, will help reduce the costs of healthcare through the implementation of resilient solutions. And as the saying goes, an ounce of prevention is worth a pound of cure, so examine how much potential downtime would cost in comparison to implementing agile IT infrastructure.
Lastly, you will need to implement systems to achieve your RTOs. As noted previously, this may consist of several systems alongside one another to handle different scenarios. Beyond installing these systems, however, you should consider identifying key IT staff who will be responsible for keeping these systems properly configured and up to date. IT resilience is not something you can simply address once and never review until you find yourself hit by disaster. As new technologies are instituted and configurations of existing systems are changed, the IT staff will need to continually update DRaaS and other systems.
Unlocking IT resilience
With sensitive health and financial data, the performance of critical services like surgeries and treatment plans, and more information stored online than ever before thanks to the federal mandate for digital recordkeeping, taking the necessary measures to unlock IT resilience in the public and private healthcare industry is more important now than ever. Implementing a comprehensive and agile strategy ensures critical systems remain available, applications continue to function, and data remains readily accessible—all vital for conducting business in today’s connected environments.