Because of their limited resources and their primary mission (saving lives), hospitals are prime targets for malicious hackers. Healthcare centers are forced to adapt and secure their IT systems by seeking the best solution at the lowest price.
What is most expensive right now? A kilo of gold or 1 GB of data? The question deserves to be asked, as personal data is increasingly leaked.
Advertisement
Among them is health data. These constituent elements of digital identity, mainly stored by hospitals, are very popular with hackers of all kinds, for several reasons:
- Attacking a healthcare establishment is an act that offers hackers a certain notoriety;
- health establishments are inclined to quickly pay a ransom if they can, because they have an obligation to ensure continuity of care;
- if the health establishment refuses to pay, hackers can resell the data collected at a good price.
In the interests of healthcare centers, avoiding attacks remains a priority. But the public hospital has increasingly reduced resources. In 2024, the government expects 600 million euros in savings from the public hospital. A decision which should further restrict establishments in the choice of their IT security strategy.
Backing up patient data: a crucial issue
Another problem that is added to this delicate equation: the quantity of patient data is constantly increasing. We consider that at the global level, the quantity of e-health data, in which hospital data is included, doubles every 73 days. And this growing amount of data is not likely to decrease, because health establishments are required to keep it for a period of twenty years. For example, a small center such as the GHT Loiretmanages on average 30 TB of data daily.
To protect themselves from hackers, however, healthcare establishments have protection levers that they can put in place.
Advertisement
To prevent and treat attacks, they are recommended to:
- raise awareness among all staff members;
- train the establishments’ IT teams;
- to add “cyber insurance” to establishments’ insurance coverage;
- build a storage architecture that can efficiently process hot data, efficiently store cold data.
- do not put all your eggs in one basket (have several copies of data, and an additional storage site that is physically distant from the main storage location).
Because, among the control techniques, data backup remains one of the main defenses which makes it possible, in the most extreme cases, to restore the almost normal functioning of hospital activities.
To ensure that this valuable health data is correctly saved, the Digital Health Agency has set up a guide for establishments. It precisely describes the procedure to follow to define an effective backup procedure adapted to each establishment.
Faced with their reduced budgets, hospitals are organizing themselves
In France, healthcare establishments are grouped into Territorial Hospital Groups or GHTs. Today there are around 136 GHTs with just under a thousand establishments. Each GHT has its own IT department, which must take care of its IT and network infrastructure with an allocated budget.
Faced with low budgets, IT managers are adapting. They are therefore often forced to juggle aging hardware and find alternative methods to make the network architecture as efficient and secure as possible. This is what Cédric Savona, IT manager of the Michel Perret Hospital Center of Tullins. Its “small” health center (approximately 189 beds and 250 hospital staff using the computer system) relied until a few months ago on aging storage server bays which considerably slowed down the proper functioning of the hospital.
“ On old network infrastructure, information took up to 19 seconds to display. It was unbearable for caregivers and patients “. However, replacing these storage servers with professional hardware from major brands was not only very expensive, but also did not guarantee better performance.
Synology: a bet that benefits the health system
As a personal user of a Synology NAS, Cédric Savona was closely interested in the latest solutions offered by Synology for small professional structures. However, he remembers, his service providers at the time advised him against it: “ Everyone told me that I was taking personal equipment that would never last. On this occasion, I admit, I made a bet », he smiles.
A bet that he does not regret at all today. “ The infrastructure model took us only one day. Setting up Synology's DSM operating system and making adjustments then took us just a few more days. Everything was very simple and everything worked very quickly », he notes. “ Plus, Synology Support responded within minutes when we needed them. »
“ The real test was to wildly unplug an FS6400 at any time to see what was happening. The second FS6400 always took over immediately. It was the most important for us », explains Cédric Savona.
Redundancy of backups to protect your back
However, what happens when a computer attack occurs? “ This is what is most complex », admits Cédric Savona. “ We must anticipate all scenarios. We obviously have a firewall to protect ourselves from most attacks, but I fear phishing emails more than anything. That and physical attacks like a USB key lying in front of the establishment and which staff plugs into a computer on the network, for example. “, he confesses. “ This is a case that can very clearly present itself. »
Because Cédric knows well how hacker attacks work in hospitals in recent months. “ We know that hackers infiltrate network infrastructures for several months and observe what is happening underwater. », explains Cédric. “ During this time, if hackers have had time to spread their malware all over our system, backups are useless. They too have surely been corrupted. »
How then can we protect ourselves from such a pernicious attack process? Cédric remains deliberately vague about his defense strategy. “ The key is to increase the number of backup solutions: software, hardware and backup methods from different brands and services are all bulwarks that hackers will struggle to bring down. “. However, somewhere within its infrastructure there is a storage server disconnected from the network which regularly hosts a backup of its establishment's data.
Server rack or digital backup: Synology has a solution suitable for all professionals
Like Cédric, if you are responsible for network infrastructure for a small or medium-sized business, Synology offers adapted, effective and accessible solutions to support professionals in their daily needs.
For healthcare organizations in particular, Synology has a dedicated team for consulting calls to discuss the needs in their existing infrastructure.
Some links in this article are affiliated. We'll explaine everything here.