Ensuring operational continuity is critical with healthcare data breaches

This article first appeared on our sister site Medical Economics.

Even with a staggering rise in health care data breaches over the last several years, many consumers imagine attacks on health care systems as run-of-the-mill stolen patient data and financial records. But these attacks can go much further than that.

For health care organizations, operational resiliency, and patient satisfaction remain their chief priority. Hospitals, clinics, and other health care providers can ill-afford to continue paying ransoms for their data and endure the reputational damage they cause. And patients can’t afford to pay the price with their own health.

In August 2021, the Memorial Health System, a network of 64 clinics and hospitals across Ohio and West Virginia, was hit with a ransomware attack that caused staff to lose access to its information technology (IT) systems. This devastating cyberattack didn’t only compromise patient medical records. Rather, it completely halted operations at dozens of the network's clinics and hospitals, causing surgeries to be canceled and even shutting down ambulance and emergency services.

Operational resiliency

Data breaches disrupt patient treatment schedules and the transferring of medical data. Since health care providers legally own patient medical records, what are patients supposed to do if they can’t access their medical records in the event of a data breach? In most countries, a patient can’t even book an appointment at another clinic or medical center without the relevant medical records to justify the need for it.

Such breaches can be fatal. Imagine a patient of Memorial Health had a heart transplant operation canceled due to the ransomware attack and had to wait an additional two weeks. In that time, the health of the patient’s heart could begin to deteriorate, triggering a near-deadly heart attack, and complicating a future heart transplant.

Beyond financial damage, this kind of ransomware attack on a health care organization negatively affects the quality of patient care, and can even represent the difference between life and death. On top of that, the hospital or health care organization will likely suffer irreparable reputational damage, which is why many don’t report hacks and payments made for ransomed data.

Hospitals and health care organizations of all types must find ways to absorb the blows of data breaches and continue their operations.

Doctors, nurses, health care administrators, and patients need a system that offers a backup plan, in the inevitable event a data breach occurs. This means ensuring patients, and ideally doctors and health care administrators too, always have easy access to medical records through automatic external backups. With proper preparation for these types of security threats, the health care industry can maintain operations and continue serving its patients while also fortifying its own credibility.

Taking action

To find the right solutions to ensure operational continuity, the industry must focus on interoperability and exchange of medical data while also prioritizing the strengthening of its existing IT infrastructure. Furthermore, health care organizations’ ultimate priority must be the satisfaction of its staff, patients, and family.

This starts with finding a technology solution that provides a fully-automated, external, and attack-resilient backup of all medical documents – especially patient records – in real-time. This way, if a hospital or health care network suffers a data breach, its patients can still access their health records and take them to another clinic or hospital without depending on the breach to be resolved first. This also enables hospitals to quickly maintain operations through backup servers, avoiding prolonged pauses in operations which can be the nail in the coffin for smaller organizations.

Health care providers must prepare for all worst-case scenarios. In addition to automating the backing up of all documents, the rising threats faced by health care organizations means they must come up with backup plans for everything from Internet of Things devices, which are rapidly expanding within health care, to financial information. Preparing for that doomsday scenario is the only way to overcome it if, and when, it comes.

Care providers can further bolster their plans for operational resiliency by taking actionable steps to monitor their health care IT systems, such as investing in expanding their IT department to better handle future attacks. Health care IT is a growing niche industry thanks to the COVID-19 pandemic, and hospitals and health care providers can boost their operational resiliency by addressing it the same way they would the trauma unit, or any other medical department.

The health care sector paid a ransom in about 61% of incidents, a drastic uptick from 34% in 2020. In addition to backing up all data through an external server or network, developing communication channels with other health care organizations and their patients can streamline the transfer of important medical information in the event of a data breach.

This ensures patients won’t miss a crucial surgery or operation due to a cyberattack and reduces the value of the ransomed data. Over time this will disincentivize cyber gangs from targeting health care data and institutions.

For health care organizations, operational resiliency, and patient satisfaction remain their chief priority. Hospitals, clinics, and other health care providers can ill-afford to continue paying ransoms for their data and endure the reputational damage they cause. And patients can’t afford to pay the price with their own health.

Allen Alishahi is cofounder and president of ShelterZoom, the market leader in Web3 and blockchain-based smart document SaaS. Prior to ShelterZoom, Allen was a pioneering real estate broker and innovative business strategist with nearly 30 years of experience building high performing sales organizations, driving record setting revenues, and attaining market dominance.