Healthcare organizations are continually focused on innovation, developing and implementing new technologies to increase the levels of patient care. Also, many day-to-day activities and healthcare processes are managed by third parties or within third-party systems. This combination puts them at significant risk of cyberattacks.
According to the HIPAA Journal, 19 data breaches affecting more than 10,000 records occurred in June 2021. At Multiplan, a medical payment service provider, an attack gave threat actors access to almost 215,000 individual healthcare records. An attack on Elekta, the Swedish radiation therapy and radiosurgery provider provided access to about 170 health systems. In May, a ransomware attack against the Health Service Executive of Ireland shut down every one of its IT systems across the country. In Israel in July, the Pionet software company faced a ransomware attack, which paralyzed its customers’ sites – the Assuta hospital system, Rambam hospital, and Hadassah hospital.
These incidents are becoming more and more commonplace – with ransomware and cyber attacks becoming “whens” not “ifs.”
Healthcare organizations are dependent on a myriad of disparate systems operating across the organization, everything from scheduling systems and patient billing to lab software and computer-guided surgeries.
IT budgets in healthcare organizations are already stretched very thin. Healthcare organizations have already spent much of their cybersecurity budgets on securing active data -- their production systems.
However, the data in the development, integration, and reporting servers generally are not as secure. Attackers understand that these areas are vulnerable and may target them to access sensitive data.
Two Simple Steps for Reducing Vulnerabilities with Stronger DataOps Best Practices
Simple precautions don’t require significant investments in cybersecurity or IT infrastructure.
First - ensure that critical databases are continuously backed up
The first step in securing data against attacks, especially against ransomware locking the main production database, is ensuring the organization has a secure, off-premise backup of its databases. The backup solution shouldn’t rely on periodical updates, as you never know when an attack may take place, instead a continuous backup solution that offers a hot standby of the production database will ensure minimal downtime and short time to recovery without any data loss.
Second - reduce the attack footprint by eliminating sensitive data from non- production databases
The next step – and one of the easiest to implement - is reducing the attack surface itself.
In many organizations, highly sensitive production data is copied directly into development environments. This process inadvertently provides threat actors two ways to get to the patients’ personal identifiable information (PII). Therefore, it’s critical to use a technology that masks the data, removing any PII information as it is being moved from production to development.
During this process, all sensitive data is anonymized, so it becomes useless to the threat actor and provides full protection against the release of PII. Pre-development masking reduces the risk of having data from development environments exposed to the outside world to zero – no reputational damage, no patient lawsuits, and no HIPAA or GDPR penalties.
Another way to secure patient data in non-production environments is automating the creation of synthetic data. Synthetic data allows all systems to be tested against “real” data without risking exposure of real patient data.
The Accelario Approach
Accelario DataOps Platform is an innovative, self-service platform for streamlined database refreshes and builds that simplifies, accelerates and secures data operations for both backup and development environments. Accelario provides data replication for backup and DR, masking, synthetic data creation, and other privacy compliance functions.
Unlike other backup solutions, Accelario ensures business continuity by continuously and securely replicating production data, all from within the customer’s data center without relying on outside SaaS or cloud access.
For development environments, the Accelario DataOps Platform provides data masking, synthetic data, data virtualization, and data copying, ensuring complete privacy-compliant data while eliminating bottlenecks, without any impact on performance or processing time.
It delivers four masking options:
- In-place data masking
- On-the-fly masking
- Real-time masking
- Masking of data subsets
Furthermore, Accelario’s synthetic data tools allow for easy definition of data type, speeding delivery of data for testing and analysis without any privacy issues.
For more information about Accelario’s technology and how healthcare organizations can use it to reduce liability, increase regulatory compliance, and speed innovation, please contact us.