Ananth Balasubramanian, general manager of worldwide healthcare business at Commvault, has spearheaded the development of the company’s data management and protection solutions focused on the healthcare market

Cyberattacks have become very common in healthcare. How can healthcare organizations protect themselves?

Healthcare is an attractive target and easy prey for cybercriminals primarily because healthcare data is valuable on the black market and, historically, most healthcare organizations have had lax or immature cybersecurity measures.

When information systems are compromised, or when there is a ransomware attack, healthcare organizations become unable to do what they are in business to do, which is taking care of patients.

It literally becomes a life or death situation. Cybercriminals know this and hence feel confi dent in extracting ransoms.

Unfortunately, there is no 100-percent-guaranteed way any organization can prevent a cyberattack from happening. Prevention is a much needed component of a broader strategy but can never be the only approach because it’s not a question of if you’re going to get attacked, it is a question of when you’re going to get attacked. So, organizations need a plan that outlines how to respond to cyberattacks effectively and efficiently. That plan needs to be solid, agreed upon by all the stakeholders, and openly communicated within the organization so that people know exactly what to do. This is one of the most important things healthcare organizations can do to prevent an otherwise manageable cyberattack from becoming a patient safety emergency.

Only 32 percent of respondents to the HIMSS Analytics Commvault Future Proofing survey back up the majority of their data more than once daily. Why are these numbers so low?

When organizations have large sets of data, it takes considerable time for them to process data backups – sometimes as long as 24 hours. Unfortunately, organizations are not able to use their systems during these backups, which is why a lot of hospitals don’t do daily backups.

While organizations should perform full backups on a regular basis, they can also adopt alternative “smart” backup strategies. For example, your organization could perform incremental “snapshot” backups, which only update the data that has been added between backups.

As a result, the volume is much lower, making it possible to accomplish the backup with very little or no downtime.

How can healthcare organizations secure data as bring-your-owndevice programs continue to expand within their organizations?

BYOD has been a big headache for healthcare IT departments the last few years. As users bring more devices into organizations, and operating systems introduce new applications into the IT ecosystem, it is exceedingly di_ cult for IT departments to manage data security.

To manage this proliferation of devices, healthcare organizations should put some very concrete policies in place to determine the approach toward BYOD. Once you have this overall BYOD policy in place, then you need to address your approach toward applications.

Fortunately, newer technology has made it a bit easier to control how users will interact with the healthcare data when using laptops, tablets and other personal devices. In fact, there are virtual machines that run on mobile devices that help doctors, clinicians and other staff access critical applications or critical data without actually compromising security. Such technology, however, requires that users are trained to keep data protected on their BYOD devices.

Why is it important for healthcare organizations to adopt a holistic approach when  addressing data management and security?

Healthcare by nature has obviously been very fragmented. In the past, each department used to manage its own IT. It is still fairly common to go into a hospital to find multiple IT departments.

There have been so many silos that have been created, and everybody simply hoarded their data into their own separate systems, and each one handled data redundancies and management differently.

On top of that complexity, each vendor started dictating how things should be done with regard to data management. There are some vendors that required their clients to perform full backups; some said you just need a mirror site with replication. So when you let each and every vendor dictate how their systems’ data needs to be managed, then you start creating this hodgepodge of different structures and entities that really don’t mesh together to create any kind of meaningful data management foundation.

Many healthcare entities don’t even know what data they have and where that data resides. And so, as hospitals work to embrace new trends such as machine learning, they still don’t know where their most important data resides and how to get access to it. It is a sad scenario when organizations are talking about patient-centered care but are not even able to do accomplish the basic step of reviewing all of the patient’s information in one place, as data for a single patient can be spread across six or seven different systems.

For healthcare organizations to achieve their core values of serving their patients better and implementing their strategic priorities, it is imperative that they take back control of their data from their vendors. Healthcare organizations need to be in a position to dictate to the vendors how data needs to be managed if they want their business. This is why healthcare organizations need to adopt a holistic data management strategy, where all data is managed under one umbrella or one platform. This approach maximizes visibility to the data, and helps enable data interoperability, which can save healthcare organizations time and money, and allow them to be better prepared to defend against cyberattacks.