Oct 03 2023

Solutions and Partnerships Come Together to Secure Backups in Healthcare

Secure backups that incorporate strategies such as multifactor authentication and Network Time Protocol authorization can help health systems recover from ransomware attacks.
Cybersecurity Awareness Month


Ransomware attacks in healthcare have more than doubled in the past year and quadrupled since 2021, according to cloud security company Barracuda Networks. That is why data backups are crucial when a health system must recover from a cyberattack.

Secure backups are essential to prevent dangerous disruptions to care.

“Securing data protection copies is now almost more important than protecting anything else, because that’s your castle wall,” says Jeff Lundberg, principal product marketing manager for Hitachi Vantara.

Ransomware could cut off essential services, which could mean life or death for patients. An attack on electronic health records could affect access to treatments and surgical procedures. Ransomware could also impact a supply chain and the flow of medication into a pharmacy, Lundberg says.

Previously, cyberattacks would target production data, such as imaging systems for capturing MRIs, Lundberg says. It then progressed to target backup systems as well.

While the threat of ransomware is growing, healthcare organizations have several tools and tactics they can use to protect backups in case of an attack. And health IT teams don’t need to handle the process of securely backing up data alone: Managed service providers can work hand in hand with organizations to meet their security needs.

Click the banner to get the expertise you need to strengthen your ransomware protection capability.

How Healthcare Organizations Use Backups for Security

Many health systems use Backup as a Service to keep critical healthcare processes operational. With terabytes of data to back up, the cloud provides the best way to do so securely, Lundberg says.

“If everything is backed up in the cloud, and I have to restore on-prem systems, there’s a limit to how quickly I can do that, which is usually far lower than the limit I can do on-premises,” he says. “Because there’s so much data, you can’t really keep it all in your data centers and you want to farm some stuff out.”

Organizations should back up an entire system image that includes software, advises Barracuda CTO Fleming Shi. Backing up an entire system allows healthcare organizations to maintain access to both the data and the software. The alternative is enterprise file sync and share, which only stores the latest version of a file.

Ransomware TOC


Best Practices for Secure Backups in Healthcare

The following are some strategies healthcare organizations can explore to keep backups secure.

Immutable Storage: Immutable storage means that data cannot be erased except within the data protection solution where it was created.

“Using immutable storage is a way to make sure attackers are not able to modify previously backed-up images,” Shi says. “These are basically air gaps for them to not be able to operate and disrupt, something that you need in recovery mode.”

Multifactor Authentication: This technology uses an additional form of authentication such as a push notification or a token match in addition to a username and password to gain access to a system.

“It’s basic to make sure you have MFA for your administrators who have access to your backup tools,” Shi says.

Shi recommends using token matches because push notifications can be easily gamified.

If bad actors lack access to a phone SIM card associated with a phone number, they cannot pass through the next level of authentication, Lundberg says. Additional authentication factors could be paired with VPN credentials, he adds.

Active Directory: This database resides in Windows Server and enables identity management, authentication and access control. AD also lets health IT managers maintain network security.

“It’s also about limiting the permissions users have and being smart about what systems they can access,” Lundberg says. “Not everybody in the organization needs access to everything. You are the CEO, but you do not really need the gold key to the IT department or the HR records?”

Lundberg notes that AD itself has become a target. Healthcare organizations should therefore implement similar data protection and login challenges for Active Directory.

Organizations should apply a zero-trust strategy for access to applications rather than granting broad permissions, Lundberg says.

Network Time Protocol Authentication: Also called a monotonic clock, this strategy prevents hackers from time jumping and requires authentication of a server before changes are made locally.

However, bad actors can spoof an NTP server and change the domain name, Shi warns.

Even if an organization has chosen which folders on users’ machines to back up, the software will not run in the case of a ransomware attack because the NTP is being spoofed, Shi says.

Have storage and backup systems that run their own tamper-proof internal clocks,” Lundberg advises.

If some network time servers are set seven years in the future but an internal clock is set for today, it will prevent an attack from impacting the backup systems, he explains.

“It won’t allow things to happen,” Lundberg says. “It will notify a system administrator that your time protocol servers are not in agreement with my internal clock.”

READ MORE: How can healthcare organizations grow with smarter backup strategies?

Working with a Partner on Data Backup and Security

When managed service providers help healthcare organizations implement Backup as a Service, they gain cloud security as well as email and data protection, Shi notes.

“Having tools is one thing, but also having the knowledge, experience and the type of threat intelligence we have to support these efforts makes things easier,” Shi says.

A vendor can also operate a security operations center on behalf of customers to operate backup tools. It allows IT to huddle with hospital staff and clinicians on security events so hospitals gain peace of mind that an MSP has their data security needs under control, Shi says.

Partners allow IT staff and physicians to focus on what they do best, such as making an EHR platform work better or optimizing use of an MRI suite, Lundberg says. They enable healthcare organizations to prioritize which services to back up as a service based on their operational budget. For example, emergency room systems may get backed up before the billing systems.

“The value that partners bring is the technology expertise and business model coaching, so it really just becomes more of a discussion of how to operate better as a healthcare organization,” Lundberg says.

Getty Images: filo (bubble graphics, icons), bounward (icons); Streamline (icons)

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.