Richard Massey, regional director – EMEA North, South Africa & Israel at Arcserve writes about the need for modern healthcare to keep up with technologies behind the scenes, as well as on the front lines of patient care.
There has been a ransomware attack, and a doctor has a patient in dire need of expert medical attention, but unfortunately their hands are tied. The IT systems are down – and there’s no way to access the patient’s medical history. The team want to provide a course of treatment, but no one knows if the patient has a pre-existing medical issue. The hospital’s IT team could recover the data from the backup provider – but this would take hours and with patient information and history needed to determine the course of care and diagnosis, every single minute is increasing the risk of the patient being harmed.
This is a very real problem. According to research from IDC, the volume of data generated as a result of healthcare and imaging systems will exceed 2,300 exabytes by 2020, a huge increase from 153 exabytes in 2013, due to advances in big data and medical technology. In other words, healthcare continues to be a ripe target for cybercriminals across the globe.
Despite this healthcare providers worldwide are still running a mish mash of legacy systems that can create a multitude of avenues to attack a hospital or medical provider. In fact, the National Security Agency (NSA) recently released a warning that the Blue Keep vulnerability, that was implicated as a cause of WannaCry in 2017, was still affecting some legacy versions of Windows. 64% of global IT decision-makers agree that protecting business critical data has not got easier over the past five years, and clearly the healthcare industry isn’t exempt from this.
The reality of today’s healthcare, which is more reliant on data than ever before, is that slow recovery simply isn’t an option. As such, the problem of low data availability is simply unavoidable. To support the demands of today’s always on world, data requires constant availability.
Why conventional backup isn’t good enough
Healthcare organisations must move from a conventional backup strategy based on recovery time and point objectives (RTOs/RPOs), to one where they have ‘constant availability’ – where you never need to recover in the first place. To clarify, an RTO is a measure of how long it takes to restore your backups, while an RPO is a measure of the amount of the data that you can stand to lose in the recovery process. If you can lose six hours of data, the RPO is six hours.
While this method of approaching backup may be great for certain uses or in certain industries, healthcare professionals must have ‘constant availability’ to ensure continuity of operations.
Many solutions claim to be able to support the ‘always on’ modern IT environment – but the technology itself says differently. For example, these solutions often require a manual failover. Failover is the process of switching to the standby system upon the failure of the previous system, so this means longer time from detection to mitigation. These types of solutions cannot be considered high availability and are just replication with a short RPO time. This not only leaves healthcare professionals unable to ensure that they can provide care at any point, but also increases complexity and cost.
Moving beyond recovery
For the many critical systems and applications in healthcare that can’t be disrupted, the industry needs to explore solutions with a journal-based processes that are capable of replicating data in real-time. They should also look for automatic failover, as this will allow for the constant availability of data wherever it resides, whether that’s on-prem or in the cloud, as this will ensure that critical data can always be accessed.
The benefits of embracing high availability
The healthcare industry must wake up and embrace high availability, as it will allow them to take advantage of modern healthcare innovation without leaving themselves vulnerable to a disaster or outage.
With more data that needs protected an ever before, it is imperative that healthcare providers make sure that they are doing what is necessary to make sure they have access to it when they really need it. From the office, emergency room or reception, when a system goes down, it can really be a matter of life and death.