Why it’s important to backup and store offline

World Backup Day 31 March 2021 provides an opportunity for healthcare organisations and individuals to consider the effectiveness of their backup plans and processes. 

Health information has always been attractive to cyber criminals as it is worth more on black markets than financial information. The reason is a credit card number can be blocked, but it is more difficult to stop the fraudulent use of health information. Additionally, the aim of these attacks is often multi-pronged with the intent to disrupt vital health service delivery using ransomware, steal COVID-19 vaccine development research, or target healthcare supply chains to interfere with vaccine rollouts.

To get hold of this valuable information, malicious actors have become more strategic with their attacks. An emerging trend is to target a healthcare organisation’s backups, whether that be in the cloud or a network connected hard drive used during the backup process. Recent incidents have resulted in backup data being encrypted, tampered with or corrupted. Once this has been successful, a ransomware attack is executed on the organisation, locking users out of their computers and demanding a ransom to unlock the information. If this is the only backup copy of the data, it may prevent the organisation from being able to restore the data and ignore the payment demand.

Targeting backup infrastructure is an emerging trend, because hackers think that by disabling the backup system it increases the likelihood of payment.¹

Backup strategy

It is vital to backup digital health information so if there is an incident or outage the data can be recovered with minimal impact to the delivery of health services. This will ensure your reputation as a trusted healthcare provider is maintained and important privacy obligations can continue to be met. 

As trends indicate backups are now a prime target for cyber criminals, robust backup processes such as the 3-2-1 backup method² should be considered to help protect your systems and data and to facilitate data recovery:

Other processes that will improve your organisation’s ability to respond to an incident are:

• Backup your systems more frequently
• Encrypt copies of backups to prevent unauthorised access
• Regularly test your incident response plan, including the restoration of your backups
• Disconnect the completed backup and store offline from the network

For more information about backups and why they are important, please visit:

• Australian Digital Health Agency – Backups prepare for an emergency (PDF, 501.81 KB)
• Australian Cyber Security Centre – Backing up and restoring 
• Office of the Australian Information Commissioner – Guide to securing personal information, Guide to health privacy and Data breach action plan for health service providers

^{1 Dell Technologies EMC (March 2020) Recovering from a destructive cyber-attack
2 Australian Digital Health Agency (March 2020) Backups prepare for an emergency}