Did you know that, outside of the US government, the healthcare industry holds more personal data about the general public than any other business entity?
Everything from Social Security numbers to medical records to payment details is held by healthcare providers. If the information stored by these businesses were hacked, it would jeopardize the integrity of the healthcare industry and the livelihood of millions of Americans. As cyberattacks on the healthcare industry rise, this risk has become even greater.
In the worst-case scenario, hackers will steal your customers', clients' and employees' street addresses, names, medical IDs, income data, email addresses and Social Security numbers. Many hackers will do this on a grand scale, preventing law enforcement from tracking the source of the attack, much less recovering the data taken in the theft. This became the reality for Anthem, Inc., the second-largest health insurance provider in the US, in a breach disclosed in January 2015. According to CNN, Anthem, the parent of Anthem Blue Cross and Blue Shield, Amerigroup, Anthem Blue Cross, and Healthlink, experienced a security breach of roughly 80 million records, costing the company millions in damages.
Hacks of this nature are damaging to all parties involved, and companies that are hacked often never recover. Regulations on the handling of personal patient information, such as HIPAA compliance, have been placed on the healthcare industry to avoid breaches such as the one that occurred at Anthem. These data hacks are not specific to the healthcare industry, however, and many other industries could benefit from the added security of a government-approved and compliant plan for backup and disaster recovery. Several high-profile cases of massive data breaches have occurred in recent history, including Target, eBay, Sony, and The Home Depot. Let's walk through the steps of a government-approved, HIPAA-certified approach to protecting data from loss or theft. Here are three steps your company can follow to implement an effective backup plan:
Step 1: Develop a Plan
Before you can establish a backup plan, it is important to ensure that your company develops an IT disaster recovery plan that aligns with your business continuity plan, as noted by Ready.gov. Include recovery time objectives and priorities, along with recovery strategies that correlate with your business demands, that is, how soon data must be restored to keep pace with the business continuity plan.
Step 2: Cover All Your Risk Areas
When establishing your backup and DR plans, it is important to cover every possible aspect of your IT system. This should include, but is not limited to:
- Hardware (i.e. desktops, laptops, servers, networks, peripherals and wireless devices)
- IT workspace, in terms of having a secure room with climate control and a backup power supply where computers and equipment are used and housed
- Service provider connection, whether via wireless, cable or fiber
- Your corporate, employee and customer data, in addition to backup data services
- Software used in the workplace, such as email systems, electronic data interchange, office productivity, and enterprise resource management
Step 3: Choose a Cloud Provider
Finally, your company should choose a cloud provider for data backup and disaster recovery that offers government-approved security and storage capabilities. Cloud-based BDR can transmit data across a highly secure, WAN-optimized network, which eases transfer and simplifies deployment. To qualify as a government-approved data backup plan, cloud providers should meet the following certifications:
- HIPAA (the Health Insurance Portability and Accountability Act) compliance standards, which protect personal health information stored or shared electronically
- The Payment Card Industry Security Standards Council (PCI SSC) security standard compliance for credit card payment protection
- A Service Organization Controls (SOC) 2 Type 1 report on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy
The Bottom Line
Setting up a data backup and recovery plan that fulfills government security requirements solves two problems. First, you enable your business to protect your customers' information at all levels. Second, your BDR plan is compliant with government requirements, which is a mandate for healthcare providers. NewCloud offers cloud-based BDR that is specifically compliant with government standards for the healthcare industry. If you would like additional information on maintaining a backup plan that gets the green light from the government, contact NewCloud for the most reliable cloud service on the market.
Originally Published Dec 7, 2016