How Aussie partners can help keep critical information safe in healthcare
- 14 September, 2017 08:15
In housing some of the world’s most sensitive data, the healthcare industry plays host to vast amounts of critical information.
Yet in Australia a gap remains, as customers fail to recognise the importance of back-ups and the capability to perform them.
There are thousands of small to medium healthcare centres across the country and, despite a paper legacy, all now collect patient data electronically.
Doctors, specialists and clinics need back-ups, but do not have the tools or expertise to perform them to industry best practice.
Step forward the channel, a channel now tasked with ensuring best practice back-up and data protection processes are implemented in a bid to eliminate the risk of a catastrophic failure and prepare healthcare businesses for a long-term future.
Back-up challenges for healthcare providers
Across Australia, the healthcare industry has regulatory requirements for data retention, yet the challenges it faces with back-ups are not unique and similar to those for other industries.
Threats to data such as ransomware, human error, or a flood or fire can strike any organisation and, without proper back-ups, businesses are struggling to get the affected data back.
"In healthcare there is a legal requirement, however, that does not mean data protection is performed well,” StorageCraft director of technical services for Australia and New Zealand (A/NZ) Jack Alsop said.
According to Alsop, many business that fit the profile of most small to medium sized healthcare providers still do not have a means to back-up data to an offsite location.
“In fact, many do not have regular local or offsite back-ups,” he added. “Many in the industry do not understand the importance of back-ups.
“IT is vital, but not considered a primary part of the business. Ransomware doesn’t care who you are: you could be a doctor or a judge, it will encrypt your data so you can’t access it.”
According to Alsop, another challenge facing the sector is a “dearth of trusted advisors” to help with offering concise information about the importance of back-ups and what options are available.
“They say they are doing back-ups, but are they doing regularly and correctly?” Alsop asked. “Often they don’t have anyone to turn to who can communicate the problem and offer a cost-effective solution.”
Service provider opportunity
Without an understanding of the back-up options available, healthcare providers are often relying on IT service providers to introduce them to technology.
“Our market is private healthcare providers which are small businesses and traditionally haven’t spent money on backups: doctors or specialists with between five and ten desktops and a single server on site,” Health IT founder Peter Machell said.
“They are toying with the idea of cloud, but the back-up principles remain exactly the same.”
Operating as a Brisbane-based IT services firm, Machell said the company - which is a specialised StorageCraft partner focusing across the SME market - is generally dictating back-up and data protection solutions to customers, to ensure data is adequately protected.
According to Machell, these business owners are very concerned about security, spend a lot of money on medical insurance and are generally worried about privacy breaches.
“They are not doing back-ups properly and don’t know if the backups they take are working even if they assume they are,” he added. “They have both patient and financial data and are justifiably terrified of a breach.”
Furthermore, Machell said many healthcare providers are also unaware the back-up data can be encrypted from the time it leaves the server, and never leave Australia by being replicated to StorageCraft’s cloud servers in Sydney.
“Healthcare providers use a mixture of backup methods, from manually copying files to a USB key to all sorts of third-party software to the native Windows tool, without expertise around database back-ups,” Machell added.
“We are moving them from an IT guy who setup a backup script to StorageCraft which is a more elegant and sophisticated solution.”
According to Alsop, opportunities are now rife locally for IT services firms to be seen in the healthcare market as trusted advisors on data protection.
“StorageCraft is providing background information and then passing the engagement to partners,” he added.
From back-up to business continuity in healthcare
In addition to meeting compliance requirements, Alsop said a prudent back-up capability will allow healthcare providers to benefit from better business continuity.
“Business continuity is a strategy whereby essential services are duplicated – or have contingency options in place – in the event of a disruption,” he explained.
For Alsop, the routine operation of a business or healthcare practice can be impacted by many events, from a transport strike to a fire or malware attack.
And with more business processes now digital, the availability of data and applications is a critical component of business continuity.
“In healthcare there is a mature understanding of the need for business continuity in mission-critical environments like emergency rooms, but the non-hospital healthcare industry might not have a plan for a computer system outage,” he added.
Across Australia, Alsop said the need for business continuity comes down to a purely business decision, but if a data system goes down most organisations will not be able to run the business.
“Ask yourself, ‘what will be my cost if I don’t have a server?’ Doctors might not understand this, but if the ability to collect patient records was taken away they would be immediately concerned,” Alsop added.
“It comes down to one thing – you have insurance for specific reasons and it is worth having a fully costed TCO for business continuity. Business continuity is not difficult, but it has to be part of a whole insurance policy for the practice.”
Therefore, healthcare providers improving back-ups to include business continuity will help build resilience when there is a problem.
At Health IT, Machell said many practice managers have a way to go before adopting a mindset of business continuity and there needs to be more of a focus on the impact of downtime and ease of recovery.
“We are pushing for our customers to improve their backups and develop disaster recovery and business continuity plans because downtime is productivity lost,” he added.
“We sell StorageCraft with cloud disaster recovery for only $100 per month, per server. It is a step up for some, but Healthcare providers have to evolve from backups to business continuity.”