Cybercriminals have become more sophisticated–going beyond mere ransomware to destruction of files, database internals, and complete systems, according to a July 2016 white paper published by EMC.
That’s why EMC officials recommend a new type of security called a layered data protection strategy. The strategy, comprised of three layers, preserves the continuity of patient services, says David Dimond, chief technology officer for Global Healthcare Business at EMC.
One of the key aspects of this approach is a data vault, protected by an “air gap.” Data is periodically copied from production storage or backup systems to the isolated environment across the air gap. This dedicated connection opens only to allow synchronization and then closes immediately to maintain isolation. To provide additional security, EMC recommends zoned Fibre Channel or port-limited LAN connections to the vault, according to the EMC white paper.
EMC also recommends hardened security practices that permit only a few highly trusted personnel to oversee operation and management of an isolated recovery solution, like the kind EMC offers.
EMC’s isolated recovery solution puts vulnerable data into an off-the-grid “vault,” located across the air gap. Access controls are implemented to prevent any external manipulation of components in the vault. EMC also recommends protection of data protection assets, such as the backup system, through network controls that only allow access from specific and restricted network segments to reduce the attack vector, Dimond says.
“Security and business resilience wasn’t well defined or well-funded about five years ago,” Dimond said. When the health care industry first began to adopt electronic health records (EHRs), the focus was on disaster recovery. Now, executive leadership is beginning to look more toward operation without interruption.
IT teams today fear a ransomware attack, where data is held hostage. But, there is a worst-case scenario that goes beyond ransomware and that is when patient data is destroyed and is completely unrecoverable, Dimond said. “Surviving in this kind of environment requires some new approaches that emphasize automated solutions with more dynamic intervention,” he added.
The average cost of data breaches for health care organizations over the last two years is estimated at more than $2.2 million a breach, according to a study by the Ponemon Institute, published in May.
Against these odds, health care IT departments need more tools and technology to respond more quickly to threats,” Dimond said. They need more consistent methods of governance to protect the data.
Here are what Dimond said the three layers of protection involve:
- Use best practices for data protection. The health care industry has been doing this, as required under meaningful use, and it has become “pretty evolved,” he said. According to the white paper, some of these steps include a comprehensive backup and recovery for critical clinical and business applications, including virtualized environments and archived data.
- Harden the first layer. A key part of this should be having a separate security team in place. This team has the keys to locked data siloes. There has to be dedicated governance of data, according to Dimond.
- Implement a data destruction assessment. This involves advanced protection services, including the isolated use of an air gap feature, powered by analytics, he said. This type of technology enables IT professionals to monitor the safety of the data in near real time in what Dimond likes to call “a data destruction assessment.” EMC’s technology provides a continuous off-the-grid update to the vault. This method has the ability to respond quickly and to do it across clouds, he says.
The truth is, the speed of change in devices and in the technology environment are very different than they were five years ago, said Roberta Katz, director of EMC’s Global Solutions, Healthcare-Life Sciences. Protecting data now requires “a whole portfolio of protection strategies.”