5 tips for securing aged care data and assuring continuity through crisis

Rapid data growth coupled with rising cyber threats has intensified the need for aged care organisations to have a comprehensive disaster-recovery strategy, writes Leo Lynch.

The COVID-19 pandemic is having a significant impact on the way aged care providers leverage technology. While many digital information systems, including the management of clinical information, medication and resident management, were already in place, the degree to which providers have ramped up their usage has been extraordinary.

The increased speed and scale of technology usage have led to a parallel increase in resident data – data that providers are obligated to store, secure effectively, and intelligently manage.

They must protect digital records to support how care is provided and to drive compliance and auditing against accreditation standards. Then, they must manage the terabytes of unstructured data shared among aged care professionals working onsite and remotely.

These factors translate to high-performance requirements for IT systems as waves of new data are created, thus shining an even brighter light on the importance of data backup and recovery. Sadly, as providers pivot more resources to the frontline in the fight against COVID-19, bad actors are trying to take advantage of the situation.

The Australian Cyber Security Centre (ACSC) warned that Australia’s aged care, health and research sectors are at greater threat of being targeted, and potentially compromised, by malicious cyber criminals.

This double whammy of rapid data growth and rising cyber threats has intensified the need for a comprehensive disaster-recovery strategy. Aged care providers must implement an effective data backup and recovery plan that protects resident data and minimises potential downtime.

1. Test, test, test

Just as testing is paramount for determining the spread of a virus, testing for IT vulnerabilities and connectivity issues is a fundamental first step. As an aged care provider, you should consider engaging a third party to conduct penetration testing of your environment.

Also, be sure to regularly test your data backup and recovery procedures and processes to ensure that all systems are working the way they should. This process ensures that your data is quickly and easily recovered in the case of a cyberattack or another emergency.

Testing should also include a thorough review of your backup and recovery plan. If you do not have such a plan, it is time you made one. And if you do have one, be sure to give it a regular dusting off.
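
One way to check a test restore, shown as an added example that is not part of the original article: record a SHA-256 manifest of the data when the backup is taken, restore to a scratch location, and compare the two. The file names and sample contents below are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large backup files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a restored tree with the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "modified": sorted(p for p, h in manifest.items() if restored.get(p, h) != h),
        "unexpected": sorted(set(restored) - set(manifest)),
    }

def _write(root, rel, data):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def demo():
    """Constructed data: a clean restore, then one with a lost, altered and extra file."""
    files = {"residents/r001.json": b'{"name": "sample"}',
             "meds/chart.csv": b"resident,drug,dose\n",
             "notes/handover.txt": b"constructed test data\n"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for rel, data in files.items():
            _write(src, rel, data)
            _write(dst, rel, data)
        manifest = build_manifest(src)
        clean = verify_restore(manifest, dst)
        (Path(dst) / "notes/handover.txt").unlink()        # lost during restore
        _write(dst, "meds/chart.csv", b"\x8f\x02garbled")  # content changed
        _write(dst, "stray.bin", b"not in the backup")     # file never backed up
        return clean, verify_restore(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

A restore test passes only when all three lists come back empty; keep the manifest somewhere the backup system cannot overwrite.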

2. Teach good cyber-hygiene

Aged care workers do not only need clean hands. They need good cyber hygiene. If your workers have never heard of ransomware or phishing, they cannot protect against them – and it is more likely they will click on malicious content that can jeopardise your organisation.

It is essential to educate everyone on the basics of identifying malicious emails, selecting strong passwords, and regularly patching and updating their devices’ software. It is also a good idea to send alerts to staffers about the latest known ransomware and phishing attacks so they can recognise and avoid them.

3. Use snapshots to back up data

Ransomware is lethal to aged care providers because it can block them from accessing critical resident data, potentially putting lives at risk. But if critical client data is backed up to a reliable source, ransomware immediately loses its sting.

One of the best forms of backup is immutable object storage, which continually protects information by taking snapshots in regular 90-second intervals. As a result, even when data is overwritten by ransomware, older objects remain immutable and unchanged. The net result is that providers can quickly recover the most recent version of their data and take the bite out of ransomware attacks.

4. Consider converged, scale-out storage

You can streamline your data-backup and protection capabilities by integrating primary, secondary, and cloud storage in a single solution. This integration can eliminate storage and data protection silos while decreasing the risk of any downtime.

What is more, this kind of storage can be scaled up as needed, which means providers can start with a few terabytes of capacity then scale up while requiring minimal configuration or application changes.

5. Do not skimp on encryption

Aged care providers are good at encrypting data in transit, but they often neglect to encrypt their resting data. This represents a dangerous vulnerability because if a data leak does occur, hackers are likely to steal resting data.

Encryption at rest can protect against the risk of drives that may contain critical data being removed. By properly encrypting data at rest, providers can make it harder for hackers to make sense of client data, even if they gain access.

Aged care providers have never been tested the way they are being tested today. Under such tremendous pressure, mistakes happen, and data can be lost, deleted, or removed. Being prepared will help relieve stress in advance and ensure IT infrastructures serve to support the incredible work and outcomes of our aged care industry.

Leo Lynch is director, Asia-Pacific at StorageCraft