The pandemic has put a significant strain on all industry sectors none more so than in healthcare where there was a need to adopt more data-driven planning and decision-making at lightning speed.
By Chris Norton, regional director: Africa at Veeam Software
At a time when expanding remote care, telemedicine, and m-health initiatives have become the order of the day, the spotlight has turned to the safeguarding of sensitive information at a scale comparable to the financial services sector. This is for good reason.
According to the ‘Veeam Top Trends in Data Protection, Healthcare Edition 2022’ report, 76% of global healthcare organisations had at least one ransomware attack in the last year. This has contributed to an almost 5% increase in data protection budgets that include backup, business continuity, and disaster recovery.
Considering the new dynamics that come with telehealth adoption, staffing shortfalls, supply chain disruptions, and increasing cybersecurity threats, many expect this year to see several investments in innovation and data protection as healthcare providers look to improve the quality of, and their capacity for, patient care.
Closer to home, South African regulations such as the Protection of Personal Information Act (POPIA) and the National Health Act (NHA) govern the protection and privacy of personal information.
While the former is more general, the latter focuses specifically on patient information. Healthcare providers must therefore carefully manage how data is collected, for what purpose it is used, and how it is protected from compromise, or risk significant financial fines and reputational damage.
As the healthcare sector continues embracing innovative technology to drive flexibility, cost-efficiencies, growth, and improved patient care, secure IT infrastructures must be developed that not only identify and prevent attacks, but also provide modern data protection capabilities to remediate and restore.
Cyber criminals have no conscience. They just as easily target healthcare facilities as they do financial organisations. However, it becomes a potential life and death situation if the systems of a hospital become compromised with ransomware and specialists are unable to access patient records to perform urgent surgeries. If the hospital has no way to safely restore backups as quickly as possible, the consequences of an attack can be devastating on the health, and even lives, of its patients.
Further complicating the issue is that data protection must extend beyond on-premises to include a variety of environments as respondents indicated that ‘hybrid’ and ‘multi’ platform environments are here to stay. Veeam’s research also found that, on average, healthcare infrastructure this year consists of 26% physical servers, 24% virtual, and 50% cloud-hosted infrastructure.
Compared to other industries, and the global trend, healthcare moved more quickly from physical to virtual infrastructure, and jumped more quickly to the cloud. This means an effective modern data protection strategy must encompass workloads across all these infrastructures to provide healthcare institutions with the peace of mind that the sensitive information they hold is safe from compromise.
It essentially comes down to ensuring data is backed up, replicated, and recoverable wherever it is stored. Healthcare data must be always available. A robust data protection strategy will act as a vital insurance policy for healthcare organisations, making sure that their digital infrastructure is not a single point of failure.
Given the sensitivity of personal medical records and perceived risk of having a healthcare system which is over reliant on its digital infrastructure, providers must do more to ensure their environments are protected.
Unfortunately, Veeam research has found that the gap between what healthcare providers expect and what their IT can deliver continues to widen, as tracked over the past five years, with 96% of IT leaders believing their organisations have an availability gap between the SLAs expected and how quickly IT can return to productivity.
The last two years have seen significant IT modernisation, particularly where cloud hosted services could be leveraged. In part due to ongoing digital transformation initiatives, as well as accelerated cloud adoption during the global pandemic, in which the healthcare sector played a vital role. The challenge faced by many organisations is to address those areas where protection has not modernized at the same rate.
Additionally, any digital transformation initiative in the healthcare sector brings the potential for cyber criminals to target sensitive patient information and systems that are not as secure as they should be. This makes it imperative for healthcare organisations to ensure the levels of resilience in their environments are adequately robust.
That data is secure, backed-up (including having an immutable, air gapped copy) and recoverable. Not only should this eliminate vulnerabilities, but if a compromise should occur, this resilience will provide the means to resume normal operations as quickly as possible without disrupting existing operations.
It is expected that healthcare organisations will prioritise data protection in the years to come, especially given how their workloads span multiple environments and that cloud-adoption will only accelerate. Investing in modern data protection is vital considering that when it comes to ransomware it will be a case of ‘when’ and not ‘if’ an attack happens.
More importantly, however, if data is the lifeblood of an organisation, then modern data protection may be regarded as a health plan for the business dependent upon it.