Author: Clement Ng
There’s no shortage of data in healthcare. Collectively, the healthcare industry has some of the richest and most detailed longitudinal data sets, and some of the fastest growing. Yet despite the huge amounts invested in collecting and storing healthcare data, not enough of it actually makes its way into the hands of those who need it when they need it most. Clinicians and administrators are often hobbled by siloed data and outdated communication and coordination methods that have changed little since the 1990s.
This fractured state of affairs increases the risk of mistakes during handover, impedes care coordination across clinical teams and leaves healthcare organizations hamstrung by a lack of free flowing, interoperable data. Worryingly, it also jeopardizes the privacy of sensitive health information and presents a frequent target for ransomware attacks.
Smile CDR partner Verto’s Flow platform gives providers the tools to ensure consistent, coordinated care and personalized patient experiences across organizations. Using Smile CDR to consolidate clinical data with HL7 FHIR as the canonical data model means Verto can ingest HL7 v2 data from legacy sources and expose it as FHIR resources via modern APIs, all while ensuring patient privacy and granular management of authorization and authentication.
Apart from providing context-driven patient flow pathways efficiently fed by data aggregated from multiple sources, Verto Flow and Smile CDR also use data virtualization methods based on FHIR to make provider systems more ransomware resilient.
There are inherent limitations in healthcare systems that make them difficult to defend; undoubtedly this is part of why they’re so often targeted. So while it’s not feasible for healthcare to be “ransomware proof”, the right architecture can mitigate the risk and bring systems closer to being “ransomware resilient”.
Conventional solutions like tape backup are safe and cost-effective solutions for archiving data, but few realize that in practice it takes most health systems close to a month, if not more, to recover from a ransomware event using backups.
Moreover, the standard array of defenses against outages involves shipping live copies of data to various backups in real-time. Ransomware attacks exploit this feature by corrupting the data-at-rest but leaving services running, meaning that corrupted data is shipped to the backups. Most ransomware infections aren’t discovered until a week or more after the initial breach, forcing IT teams to sift through backups to find the earliest “uninfected” version.
The key to enabling resiliency in the face of these threats is using data virtualization together with FHIR to radically reduce recovery times to minutes/seconds rather than days or weeks. By using a Type 2 Data store, the risk of ransomware is contained by allowing rapid discovery and isolation of infected data.
Second, Verto Flow uses a redundant EHR User Interface combined with the ability to migrate any HL7 FHIR record using dynamic mappings back to the critical source systems.
This means that when the ransomware event occurs and the core systems are isolated, the Flow platform can be used as a temporary EHR to not only look at records in the system but also make new data additions to support clinical operations.
This means a 0-second Recovery Point Objective on critical system loss and a backup application suite that makes a 5-minute Recovery Time Objective for clinical operations a reality, even in ransomware events.
The bottom line is that providers now have a robust, easily attainable, and inexpensive Business Continuity option that can deliver on their compliance guarantees.
Want to learn more about how Verto Flow and Smile CDR can help your organization? Get in touch and let’s talk.
You can also check out a recent webinar we presented with Verto for Digital Health Canada, Hardening Health Systems against Ransomware Vulnerabilities using HL7 FHIR and Data Virtualization.