Why this longstanding strategy still matters for HTM teams facing modern cyber threats.
Interview by Alyx Arnett
Not every backup plan is built for a real-world failure. When systems crash or ransomware hits, HTM teams need to know that their data recovery processes will actually work. That’s where strategies like the 3-2-1 backup rule come in. Simple on the surface—three copies of data, two different media types, one stored offsite—the rule has stuck around for a reason.
While the 3-2-1 rule, introduced in 2009, remains a strong foundation, the way it’s implemented has evolved. Modern methods like immutable and air-gapped backups offer more secure ways to meet the rule’s core requirements. Immutable backups—copies of data that can’t be changed or deleted—help ensure ransomware can’t encrypt or erase critical files. Air-gapped backups, which are physically or logically separated from the main network, provide added protection by isolating one copy from online threats.
Together, these approaches strengthen the 3-2-1 framework and help HTM professionals address today’s escalating cyber risks. In this Q&A, Daniel Pearson, CEO of KnownHost, offers guidance on how HTM teams can improve their backup and recovery planning, avoid common missteps, and ensure their systems will hold up when it counts.
24×7: Why is the 3-2-1 backup rule an important strategy for HTM?
Pearson: The 3-2-1 backup strategy, which calls for three copies of data on two different media types, with one copy offsite, is relevant for HTM professionals as it ensures data redundancy and protection against various threats and enables disaster recovery—all vital for maintaining patient data integrity and business continuity.
Backups on different media types and locations can help protect against cyberattacks, including ransomware. It also ensures critical data remains accessible and recoverable, minimizing downtime and disruptions to healthcare operations.
From booking appointments to filling prescriptions, data plays an essential role throughout a patient’s healthcare journey. It’s not just limited to electronic health records, but also personal health information containing credit card details, addresses, and phone numbers.
24×7: Healthcare organizations increasingly rely on cloud storage. Why isn’t cloud alone sufficient?
Pearson: Cloud storage alone isn’t a sufficient backup strategy because it relies on a single point of failure—the cloud provider—and doesn’t address the need for multiple copies of data on different media, which is crucial for a strong data protection plan.
Relying solely on cloud storage means your data is vulnerable to issues like cloud provider outages, server crashes, or security breaches. Not only that, but you lack control over your data’s physical location and security measures, relying entirely on the provider’s policies and infrastructure.
That said, using cloud storage as an off-site copy can be a good way to implement the 3-2-1 rule, as it offers scalability, convenience, and disaster recovery protection.
24×7: What is an immutable backup, and how does it, along with offline storage, help protect patient data and operational continuity in healthcare?
Pearson: An immutable backup is a copy of data that cannot be altered, deleted, or overwritten after it’s created. That makes immutable backups essential for protecting patient data from cyberattacks, system failures, or natural disasters. They ensure the data remains intact and available for recovery even in the event of ransomware attacks.
Offline storage, by contrast, isolates that backup from active systems, reducing the risk of data breaches or corruption. By keeping a clean copy of data in a separate location, it ensures healthcare groups can recover even if their primary systems are compromised.
These are both crucial for protecting patient data and ensuring operational continuity in healthcare, especially against cyber threats. They also help healthcare organizations meet compliance requirements, such as HIPAA, by ensuring that accurate copies of data are retained and guarded against any unauthorized access.
24×7: How do ransomware attacks targeting backups highlight the need for strategies like immutable or air-gapped backups?
Pearson: Ransomware attacks that target backups emphasize the need for immutable and air-gapped backup strategies because they can render traditional backups useless and potentially compromise recovery efforts.
Both storage solutions provide vital layers of protection, but together, they offer an even more robust defense against cyber threats.
Immutable backups are designed to be unchangeable after they’re written, protecting them from being encrypted or deleted by ransomware. This ensures that a reliable copy of the original data is always available for recovery.
Air-gapped backups are physically or logically isolated from the main network, preventing ransomware from accessing or infecting them. The isolation ensures that even if the main network is compromised, the backups remain secure and available for recovery.
Together, these strategies provide strong protection, ensuring organizations can recover from a cyberattack without losing critical data.
24×7: What are the most common mistakes you see hospitals and healthcare organizations make when it comes to backup and recovery planning?
Pearson: Hospitals and healthcare organizations often make mistakes with backup and recovery planning, primarily by neglecting essential aspects like testing, focusing on the act of backup rather than the ability to recover. Other common errors include not implementing adequate security measures, underestimating disaster recovery capabilities, and failing to consider cost and scalability when selecting backup solutions.
These errors can undermine an organization’s ability to recover after a disaster, jeopardizing patient care and operational continuity.
24×7: How can HTM teams test and validate their backup restoration processes to ensure they’ll work during a real incident?
Pearson: Regular testing of a disaster recovery plan is critical to ensure its effectiveness against a real-world incident.
Here’s how HTM teams can validate their backup restoration processes:
- Simulate data loss: Healthcare organizations should conduct full system restoration, including operating systems, applications, and data, and practice restoring individual files, folders, or databases to ensure flexibility in recovery.
- Verify integrity: Ensure restored data is accurate by comparing it with the original data source. Use tools that verify the integrity of backup files and ensure they haven’t been corrupted. Implement software that monitors backup jobs, identifies errors, and provides alerts for potential issues.
- Track recovery time: Measure how long it takes to restore data and regularly examine backup logs for errors, warnings, and performance issues to identify areas of improvement.
- Document and share results: Keep detailed records of testing procedures, findings, and corrective actions taken. Share this with relevant stakeholders to ensure everyone is aware of the effectiveness of the backup plan.
24×7: What are some best practices for integrating the 3-2-1 backup strategy into broader hospital cybersecurity protocols?
Pearson: Integrating the 3-2-1 backup strategy into a hospital’s cybersecurity protocols involves a multi-pronged approach, especially in resource-constrained environments.
Organizations need to prioritize critical data and determine which patient records, clinical data, and system logs are most crucial for daily operations and patient care. They can assign different levels of importance to the data, prioritizing backups accordingly.
Healthcare organizations should consider hybrid storage by combining on-premise and cloud storage. They will need to use tape backups for long-term archiving of less frequently accessed data and explore object storage options for cost-effective data archiving and replication.
Organizations should also develop a detailed disaster recovery plan that outlines how to restore systems and data during an outage or cyberattack, and maintain clear documentation of all backup and recovery procedures.
HTMs should consider implementing appropriate security controls, like firewalls and intrusion detection systems, to protect backup systems from cyber threats. Look into isolating backup systems from the main network to prevent them from being compromised during a cyberattack, and use immutable backups. Also, look to encrypt backups both in transit and at rest to protect against unauthorized access.
Organizations must adapt to resource constraints and update their processes by automating backups and recovery procedures. Leverage existing infrastructure by using existing hardware and software wherever possible to minimize resource demands, as well as cloud-based solutions. Organizations should explore cloud-based backup and recovery solutions to reduce the need for on-premises infrastructure.
Alongside this, healthcare groups should keep up with regular monitoring to ensure their backup processes are functioning properly and keep backup software and hardware up to date with the latest security patches.