How to Minimize the Risk of Ransomware with Immutable Storage and Backups

Kelly Kempf

Data is the most powerful currency in the digital world, with the total cost of a data breach averaging $4.35M (per event).1 Even more alarming, the healthcare industry had the highest data breach cost of any industry at $10.10M (per event).1 That’s more than twice the global average. The impact for businesses is significant and will continue to grow.37% of all businesses were hit by ransomware in 2021, and it cost the world $20 billion. This number is expected to rise to $265 billion by 2031.2

Healthcare data is uniquely targeted and under constant threat from cybercriminals who seek to exploit weaknesses in systems and networks. Healthcare providers are tasked with implementing multiple layers of protection. As noted in our October 2022 Cybersecurity Awareness Podcast, healthcare providers must protect data from the inside out—including front line protection such as implementing security tools/protocols and keeping all assets and systems up to date, as well as a second line of defense, including testing the internal/external environment and taking regular, protected backups. Most healthcare providers have these mechanisms in place today, but how these security protocols are configured—and ultimately interact—plays an important role in securing healthcare data.

What’s So Special about Immutable Storage?

One critical component of protecting patient data from unauthorized access and tampering is immutable storage. Once referred to WORM-based storage (write once, read many), this time-locked, immutable object storage ensures data cannot be altered or deleted once it has been stored. This is achieved by using specialized hardware and software that write data in a way that makes it unchangeable, therefore protecting healthcare data from accidental or intentional tampering. Though back-up-to-cloud is most common, some users may look to traditional storage mechanisms, including hard drives, SSD, and—in rarest instances—tape.3

While traditional backup systems overwrite older data with new data, which can result in the loss of critical patient information, immutable storage can be used to create secure, accessible backups, an important component of cybersecurity and compliance. Even when following the 3-2-1-1-0 golden rule for backups, a virus can still infect each location, therefore destroying the integrity of the data and negating the ability to restore. By contrast, immutable backups retain every version of data that has ever been written, ensuring that even if data is corrupted or deleted, there is always a backup that can be used to restore the lost data. A solution that performs regular, unchangeable backups ensures that any lost data can be quickly and easily restored, minimizing the risk of harm to patients. Additional considerations for backup strategy planning are keeping up with the rate of data creation, retention policy review and configuration, encryption of data in transit and at rest, and isolating backup location.   

Ensure Your Disaster Recovery Measures Are Comprehensive

Healthcare providers must consider the importance of securing patient data, implement appropriate recovery measures, and regularly test their recovery strategy. Immutable storage and backups are critical components—ensuring a copy of the data remains fixed, is always recoverable, and is verifiably secure. Including immutable storage and backups as part of the healthcare security fabric helps meet the unique needs of healthcare providers, delivering both security and peace of mind that they need to operate effectively and safely—and ultimately providing patients with the confidence that their information is protected by their healthcare providers. If you want to learn more about how Connection can help you build a strong, resilient security fabric that includes immutable storage and backups, contact an Account Manager today or visit us online for more information.

1 Cost of a Data Breach 2022 – IBM.


Kelly Kempf is the National Healthcare Business Development Manager for Connection’s Business Solutions Group. Her key responsibility is to lead healthcare focused engagements from discovery through services delivery with both customers and partners. Kelly has her Certified Digital Health Professional (CDH-P) certification from CHiME and earned her bachelor’s degree in education from the University of Missouri–St. Louis.