iTernity Interview

Secure data storage & ransomware protection in the cloud for clinics and hospitals

"Only the storage of data outside the local IT infrastructure can provide a high level of security."

More than ever before, ransomware is becoming a security problem for clinics and hospitals. A common way to protect sensitive patient data is to permanently back up the data on a medium outside the local infrastructure - for example in the cloud. Clinics and hospitals are becoming less reserved about the cloud, yet skepticism and prejudice still prevail. Is data in the cloud secure? What role does the server location play? Can the cloud provide an effective building block for protection against ransomware?

 


Werner Bachmann, a lawyer specializing in IT compliance and data protection, explains in an interview why data storage in the cloud can be more secure than in your own data center and at the same time provide effective protection against ransomware.

iTernity: Mr. Bachmann, why are cloud solutions becoming more important for clinics and hospitals?

 

Werner Bachmann: IT has developed enormously over the last 20 years. IT installations are becoming more and more powerful, the shortage of IT specialists is increasing, and data volumes are rising. The associated growth in complexity and the increasing use of resources can often no longer - with reasonable cost effectiveness - be mapped in a clinic or hospital's own data center.


Cloud solutions, on the other hand, make it possible to save all or part of the costs of setting up your own IT infrastructure. Instead, software and hardware, storage space and computing power can be obtained via the cloud. This increases IT efficiency and significantly reduces complexity and effort.

iTernity: Why is there such a great need for clinics and hospitals in particular to outsource data to the cloud?

 

Bachmann: Hardly any other company has as many IT systems in use as an averagely large hospital with 30,000 inpatient treatment cases per year. The number of IT installations here ranges from 300 to 500, with an IT staff of 12 to 15 people. Managing and optimizing these systems involves a high degree of complexity, which should not be underestimated. Often hospitals and clinics do not have the necessary infrastructure, know-how, or human and financial resources to set up these systems in their own data centers. Therefore, data and processes must be outsourced to the cloud.


Another reason for data storage in the cloud is the increasing number of ransomware attacks in the healthcare environment. Only the storage of data outside the local IT infrastructure of a clinic or hospital, from where it is not accessible to ransomware, can provide a high level of security. The cloud is a future-proof option for this.

iTernity: So why is there still skepticism in the healthcare sector about the cloud?

 

Bachmann: In general, skepticism about data storage in the cloud has decreased. However, if there are still doubts, there are usually two reasons. One reason is certainly the fact that many hospitals and clinics have little experience of their own in dealing with the cloud. The cloud requires a new model of IT control. For many IT staff, this administration and control of external cloud providers is initially uncharted territory - and this is always associated with a certain amount of skepticism.


The second reason is that the topics of risk management and patient safety have reached the clinics, and many cloud providers have fallen into disrepute in the healthcare sector in recent years due to various data slip-ups and unclear data protection issues. A new basis of trust must first be created here. However, trust in cloud providers is unproblematic if the hospital or clinic alone has control over the infrastructure - firstly, if the data is highly encrypted so that it cannot be read even if it were accessible to others, and secondly, if a geographical storage location is chosen which is subject to regulatory supervision, which maintains high security standards and actively monitors them.

iTernity: Against this background, where should the servers of a cloud data center be located?

 

Bachmann: The physical server location should be at least within the European Union. These data centers are state of the art and meet high security standards, which are subject to the legal requirements of the EU. Corresponding ISO 27001 and ISO 9001 certifications confirm that the data on the servers is properly protected.

iTernity: How do you assess IT security in the cloud?

 

Bachmann: The cloud often proves to be more secure than data storage on companies’, clinics’, and hospitals’ own servers. Data and information security can now be regarded as one of the success factors here.


Servers located in the basement of a hospital are as such no more secure than those of a cloud provider - rather, the opposite is true. From a technical perspective, a cloud data center can provide far better IT infrastructures than a company or hospital could ever provide in its own data center. From perimeter security, system and infrastructure security, protection against unauthorized data access and ransomware, to reporting and monitoring. The outsourcing of data to the cloud is not a step down here, but a qualitative leap or a good addition.

iTernity: How likely is it that a cloud provider will fall victim to a ransomware attack?

 

Bachmann: I consider a successful ransomware attack on a cloud data center to be unlikely. Cloud systems are so penetration-proof that they cannot be attacked by common malware, such as viruses and trojans. Serious cloud vendors have anti-malware and protection mechanisms in place to provide effective protection against these attacks. The relevant technologies are integrated into the products and services.


Ransomware is usually nothing other than social engineering. Successful ransomware attacks require someone to let the ransomware into the system - e.g. via false applications, conference documents, etc. Due to the high level of automation in cloud data centers, this type of social engineering does not work there.

iTernity: Would you recommend a clinic to store patient data in the cloud?

 

Bachmann: Yes, this is the practice - both to reduce complexity and effort and to protect against ransomware. There are numerous large hospital groups which operate all IT systems as managed services. The entire responsibility for the IT infrastructure and processes below the patient data is then in the hands of an external provider. Modern hospitals generally use mixed forms of cloud computing and their own data center. A hybrid storage approach is indispensable in order to digitalize all processes and make optimal use of the IT infrastructure.

iTernity: What requirements must clinics and hospitals meet for secure data storage in the cloud?

 

Bachmann: From the perspective of the patient: Hospitals and clinics must ensure that personal data can be consistently and completely released at the request of the patient, that this data has been treated with the utmost care and has not been passed on to third parties.


From the perspective of the clinics: With regard to the process quality of the clinic, processes must be organized in such a way that the diagnosis and treatment of the patient is carried out according to the state of the art. This means that in the treatment context, all relevant information must be provided completely, correctly, and accurately. The quality of the systems in hospitals must ensure that the required data - and their quality - can be offered in the relevant treatment situation - from the emergency room to rehabilitation.


Data protection is taken very seriously. Therefore, the choice must be made for a cloud provider which is committed to the principles of trust, transparency, conformity to standards, and regulatory compliance – all at the highest level.

iTernity: Clinics and hospitals are increasingly being targeted by ransomware attacks. iTernity Archive Protection offers protection against these attacks by additionally storing archive data in the cloud in encrypted form. How do you rate this concept?

 

Bachmann: In ransomware attacks, company or clinic data is encrypted - institutions are usually not well prepared for this emergency situation. If there is no adequate security concept, a company or clinic may then be in a coma for several months.


iTernity Archive Protection protects companies and clinics from emergency situations. The solution offers an effective rescue network - for the data of a company, hospital, or public institution in the event of ransomware attacks - through the media disruption, the encryption concept, and the recovery service from the iTernity Cloud.

About Werner Bachmann

Werner Bachmann is a lawyer for technology law and a partner in the law firm Graf von Westphalen & Partner, with a focus on IT compliance and data protection. He advises German and international companies, clinics, and hospitals in the areas of software and information technology. In recent years, Mr. Bachmann has increasingly expanded the consulting areas "e-health" and "IT risk management and compliance". In addition, he is a member of the scientific advisory board of the Federal Association of Hospital IT Managers.

iTernity Archive Protection - Ransomware protection from the cloud

Ransomware attacks pose a serious threat to companies, hospitals, and public institutions. iTernity offers a lean and secure solution to protect your archive data from attacks and to meet long-term regulatory requirements.


With iTernity Archive Protection, archive data is stored outside your local infrastructure in the secure iTernity Cloud, where it is not accessible to ransomware (media disruption). The data can be restored at any time and delivered to you on a physical medium.

 

Your advantages with iTernity Archive Protection:

  • Protection of your archive data thanks to media disruption and the cloud
  • Transfer of your archive data via https to the iTernity Cloud
  • Recovery service from the cloud if your systems are infected
  • ITIL v3 & ISO 27001 certified and double data encryption