The Most Underplayed Healthcare IT Must-Have: Business Continuity and Disaster Recovery
How Two Days of Paper Record-Keeping Was Enough to Drive a Community Hospital to Search for a Better Business Continuity Solution
By Rob Strechay, Vice President of Product, Zerto
Business Continuity and Disaster Recovery (BC/DR) strategy is often little thought of until a forcing function—be it natural or man-made—puts a renewed focus on this mission-critical capability. Far too often it is neglected as part of an organization’s larger IT security strategy. Detecting and preventing cyber-attacks and other criminal disasters such as ransomware is one theme that’s risen to the top of IT concerns lately, but ensuring healthcare facilities can confidently maintain data center operations has been at the forefront of our responsibilities for quite some time.
As a company that specializes in BC/DR, we were recently called upon to help out a community hospital that serves over 90,000 patients per year. Several years ago, the hospital’s data center operations sustained nearly $1 million in damages due to storm-induced flooding. This forced clinical staff to work from paper-based records for several days. Though the care facility quickly transitioned back to electronic medical records to ensure uninterrupted patient care, two days of paper revealed just how vulnerable physical infrastructures really are, and the hospital’s IT department made the decision that all critical data and applications need to be digitally accessible all of the time.
After the flood, disaster recovery could no longer be relegated to the hospital IT department’s “nice to have” list. It had to be looked at as a core part of their IT strategy, which includes security and accessibility, and is essential for any healthcare facility, let alone a level II trauma center and teaching hospital, which this hospital happens to be.
Operating in the healthcare industry puts greater impetus on the need to ensure business continuity whatever the scenario. Any period of downtime can be potentially life threatening to patients, while potentially violating state and federal regulations. With 90,000 patient visits each year—that’s a lot of liability.
The following key steps were taken to enable the hospital’s IT data center to react to whatever might come their way:
Increased the virtualization of the IT environment: 95% of operations were moved to virtual machines (VMs). This first step improved hardware consolidation from 32 server racks down to 13, and also provided operational cost savings by conserving the facility’s space and power consumption. This reduced the physical vulnerability and capital cost exposure the hospital could face in the event of a major disaster.
The next step was to move from a legacy disaster recovery solution to one that was built to work inside the virtualized IT environment that was running all of the hospital’s mission-critical systems. With ransomware on the rise, it’s not just natural disasters on everyone’s minds. This makes for an even stronger case to have the right software in place that seamlessly switches operations to a secondary data center if needed. Zerto is an innovator in hypervisor-based replication and as such, we were able to provide the hospital with not just peace of mind, but the actual ability to seamlessly trigger a failover and continue operations as usual within moments of an outage.
By breaking away from industry tradition that relies on homogeneous hardware and software environments, the hypervisor-based replication solution does not require the hospital to greatly increase its storage footprint just to get all critical systems protected. The solution provides continuous replication of data, as opposed to snapshots, which slow down the main data center as they create the replicated data. Replicating data in the hypervisor allowed for uninterrupted access to electronic medical records and other vital systems, whatever the scenario—flood, ransomware hack, or user error.
Finally, an essential step in protecting the hospital’s data center came with a technology that groups applications into “virtual protection groups” (VPGs), which ensures that even if an outage occurs, all hospital applications can be recovered within minutes, with no disruption in patient care.
HIPAA mandates that all data be recoverable, and the upgraded BC/DR solution allows the hospital to easily exceed HIPAA requirements with fast, easy availability of critical data and applications.
These efforts resulted in the following key benefits that all healthcare facilities strive for:
- Exceed HIPAA obligations with data loss measured in seconds rather than hours or days, and applications available in minutes rather than hours or days
- Protect at the right level – the VM – to ensure recoverability down to even individual files and folders
- Achieve no interruption in patient care with multi-VM applications recovered consistently
- Easily meet compliance regulations with a recovery report detailing each step in the recovery process and showing its success
Even with the detailed HIPAA business continuity guidelines, many healthcare IT departments are still not completely prepared for when disaster strikes, be it natural, accidental, or criminal. Virtualizing IT, and protecting applications in the virtual environment, gives companies a fail-safe plan to thwart much more than physical disaster.
IT departments of all industries can’t afford to continue relegating business continuity to the nice-to-have list. Virtualized disaster recovery and business continuity solutions should be standard in the “tool kit” of every hospital IT department—well in advance of the worst-case scenario.