Is Your Patient Data Archive Safe?
June 18th, 2020
A recent ransomware attack resulted in a hospital losing its patient data archive. Learn how you can prevent data loss even when a cyberattack occurs.
Keeping patient data safe and accessible is critical for every healthcare organization. Problems often occur when you keep a legacy system running to store your patient data archive. It seems like an innocuous decision. But as many have learned too late, it heightens the risk of a cyberattack.
Colorado Hospital Loses Records After Ransomware Attack
This scenario played out for a Colorado hospital. A ransomware attack wiped out over five years of patient medical records.
The incident was specific to their legacy EHR. It didn’t infect the EHR database bur rather the proprietary software required to read those records.
The hospital announced the breach to its patients and its new protocols on security. They were able to recover some files via backups. Other records remain lost at the time.
This story illustrates the threat of legacy systems. The consequences include the breach, which could mean exposure of personal information. In addition, the loss of records may impact continuity of care.
What’s Wrong with Legacy Systems?
It’s common practice for entities to keep legacy systems running as a means of storage. Medical record retention laws define how long you need to preserve certain records. To make it “easier” during a data conversion, many opt not to migrate all data.
Converting all data when you switch to a new health information system (HIS) is understandable. Why drag old files to a new system? Except, depending on a legacy system as a secure custodian of records leaves you open to cyberattacks.
If you don’t continue to update and maintain legacy systems, there will eventually be cracks. Cybercriminals only need a slight one to find a way to penetrate.
On top of the security risk, legacy systems are expensive and hard to navigate. It’s not an ideal solution. Many believe it’s the only one.
There’s a Better Way to Archive Patient Data
To avoid a ransomware attack and data breach, you should know two things.
First, you need to ditch your legacy system. Instead, you should seek a medical record archiving application. With a web-based system, it’s accessible from any browser. Such a tool should follow all compliance mandates. It should also be easy to use.
With this transaction viewing solution, you can search and filter. It provides a way to run reports for audits or record requests. Further, it must use advanced information security protocols like encryption.
Second, you need to have a third-party, cloud-based backup of historical data. The hospital, in question, does remark there was a partial recovery via backups. However, the story suggests its backup policies may not have been consistent.
Backup shouldn’t be something you have to worry about. It should be part of your archiving solution. Anybody can offer you a backup product. Scrutinize your options, asking things like:
- Does the cloud storage use encryption?
- Does the data center undergo regular risk assessments?
- What is the uptime average?
- Does the data center meet certain certifications? (HIPAA, HITRUST, SOC 1, 2, & 3, etc.)
Ensure the Security of Your Patient Data Archive with ViewMaster
ViewMaster, our proprietary transaction tool, makes archiving simple. Its intuitive design means it’s user-friendly, so you can find what you need fast.
Unlike legacy systems, ViewMaster doesn’t have maintenance fees. It’s a platform that helps you meet record retention requirements and is completely secure. Plus, it comes with offsite backup in the cloud.
It solves all the problems of traditional patient archives. We invite you to see how it. Watch the video and request a five-minute demo today.