Backup routines crucial to disaster, hack rebound
When Methodist Hospital in Henderson, Ky., recently fell victim to a ransomware attack, the organization told local media that it was using backup data unaffected by the attack while the main network remained down.
The degree to which Methodist Hospital continued to have the data it most needed isn’t known. But a good backup policy makes recovery from cyber attacks a lot easier, says Doug Abel, managing director of strategy and planning at Encore, a consultancy unit of Quintiles, and a former CIO and emergency manager at Anne Arundel Medical Center in Maryland.
“Use of backups as a method of disaster recovery is always optimal,” Abel says.
Further, doing backups every hour or every four hours makes the recovery point nearly instant. Even if backups are done only every 24 hours, there still may be a lot of data to re-enter, but maintaining that backup schedule still offers an opportunity for a quick recovery, he notes.
For organizations wondering how often they should backup, the generic answer is as often as feasible, Abel says. The best scenario is to have continuous backups to a remote hot site, but that is costly, and many provider and payer organizations have to find a balance between cost and risk.
“You want to make that cycle as short as you can to limit your exposure,” he advises. “There is no real rule of thumb, but it’s a matter of saying ‘How long do I want to wait for full recovery and manage through that?’ ”
Quarterly re-training on paper-based procedures obviously remains important, as does the difficult but necessary task of creating an environment of awareness and vigilance among staff members so they don’t click on a malicious link. In short, Abel says, that means having a constant education process.
One more tip: “You ought to have a plan that has regular audits of your processes and ensures you have fresh eyes on what you’re doing and why you’re doing it.”