{"id":13802,"date":"2018-08-17T15:52:35","date_gmt":"2018-08-17T14:52:35","guid":{"rendered":"http:\/\/www.devopsonline.co.uk\/?p=13802"},"modified":"2018-08-21T14:19:39","modified_gmt":"2018-08-21T13:19:39","slug":"are-healthcare-organisations-finally-making-a-move-to-the-cloud","status":"publish","type":"post","link":"https:\/\/devopsnews.online\/are-healthcare-organisations-finally-making-a-move-to-the-cloud\/","title":{"rendered":"Are healthcare organisations finally making a move to the cloud?"},"content":{"rendered":"
It was only a year ago that the global ransomware attack WannaCry was infecting more than 230,000 computers, spanning at least 150 countries. In the UK, we saw the story garner many column inches and public opinion centred on an overwhelming concern about the implications of such an attack and the somewhat muted response of the NHS.<\/p>\n
Even though NHS organisations did not report any cases of harm to patients or of data being compromised or stolen, about a third of hospital trusts in England were disrupted and NHS England data showed that at least 80 out of 236 trusts were affected \u2013 with 34 infected and locked out of devices (of which 27 were acute trusts), and 46 not infected but reporting disruption. A further 603 primary care and other NHS organisations were infected by WannaCry, including 8% of GP practices (595 out of 7,454).<\/p>\n
In the report \u2018Lessons learned review of the WannaCry Ransomware Cyber Attack<\/a><\/u>\u2019 released in February 2018, NHS\u2019 Chief Information Officer for Health and Social Care William Smart explained that the work of a cybersecurity researcher, who activated a \u2018kill-switch\u2019 on the evening of Friday 12 May, had the effect of stopping WannaCry infecting further devices. Without this intervention, it is likely that the impact that WannaCry had on services would have been even greater.<\/p>\n But a question still remains, is there anything else that could\u2019ve been done to avoid the incident, mitigate the risk of sensitive data falling into the wrong hands, and quickly recover from such an attack? The answer could be the cloud.<\/p>\n After your data has been encrypted by a ransomware, recovering it is almost impossible, thus, investing in prevention seems to be the securest solution. The first step would be creating secure backups of sensitive data on a regular basis. Keeping in mind that in case of a ransomware attack you need to physically disconnect the storage device to avoid it being infected, it would be best to keep your data backed up in the cloud rather than on-premises.<\/p>\n In an ideal world, the best solution would be to be warned early enough, so you can quickly isolate a ransomware infection and recover important data before the entire network is affected. Some CSPs have enhanced their solutions, for example here at iland<\/a><\/u> we now offer deep packet inspection, encryption, antivirus, anti-malware scans, and integrated reports for compliance and regulatory audits.<\/p>\n These services can include:<\/p>\n It is important here to outline that, when confronted by a ransomware attack, your weakest links in the security chain are your endpoints, so users\u2019 devices must be protected with AV protection, regular backups and anomaly detection.<\/p>\n While the public opinion was primarily concerned about the consequences of WannaCry\u2019s encryption of NHS patients\u2019 data files and medical systems, what actually caused most damages was the downtime. Moreover, even though a simple backup will let you restore your production database, this will take much more time than a DRaaS solution.<\/p>\n DR is a system of replication combining software and the cloud designed to minimise downtime. It creates a copy of the VM at a secondary location and can fail-over in seconds or minutes. Instead of simply having backups, DR allows organisations to devise a recoverability strategy for when a\u00a0 disaster strikes enabling them to failover production systems and get the organisation back up and running quickly.<\/p>\n DRaaS involves the engagement of a cloud service provider that facilitates some or all of the recovery process and hosts the replicated systems in their cloud. DRaaS provides more bene\ufb01ts to healthcare organisations than secondary sites by providing geographic diversity and the support of an engaged third party to help in an emergency.<\/p>\n While consequences could have been much worse, healthcare organisations became more conscious of the importance of having robust security. This is when cloud computing was looked at as a one of the best threat response strategies. The automation that can be applied to the cloud and the scalability of its monitoring and threat detection means that it\u2019s easier to detect and manage incidents. In terms of security, it shows a proactive process that allows organisations to manage incidents more effectively and enhance malware prevention.<\/p>\n Earlier this year, the Secretary of State for Health and Social Care, WJeremy Hunt, signed off on the first official guidance<\/a><\/u> aiming to help the UK\u2019s National Health Service moving to cloud. The cloud will help them to provide reliable disaster recovery, support for agile deployments, and a freedom from maintaining hardware. However, many seem to still be resistant to this move due to compliance concerns.<\/p>\n Whether it\u2019s identifying and implementing the proper controls in the cloud, passing an audit on cloud resources, or keeping up with changing regulations, IT departments in healthcare firms often don\u2019t have the time or resident expertise to confidently solve the cloud compliance problem.<\/p>\nIs data more secure in the cloud?<\/h2>\n
\n
DRaaS, the ultimate prevention?<\/h2>\n
Has it convinced healthcare organisations?<\/h2>\n