Backup and Recovery for Healthcare: Surviving Ransomware Without Paying

When the Synnovis ransomware attack hit in June 2024, the organisation did not pay the ransom — but recovery took months and disruption was severe. The limiting factor was not willingness to recover but the complexity of restoring interconnected clinical systems in the right sequence while maintaining patient safety. For healthcare organisations, the question is not whether to have backups but whether backups are tested, immutable, sufficiently granular, and backed by a recovery plan that clinical and IT teams have actually rehearsed.

Only 23% of NHS organisations have tested their full cyber incident recovery plan in the last 12 months — meaning most would be improvising during an actual ransomware attack.

What a Healthcare-Grade Backup Strategy Requires

An effective healthcare backup and recovery strategy requires more than nightly tape backups. The minimum standard includes: 3-2-1-1 backup architecture (3 copies, 2 different media types, 1 offsite, 1 offline/immutable); backup frequency matched to clinical data criticality (EPR systems may require hourly backups to minimise data loss); immutable backups that cannot be encrypted or deleted by ransomware (achieved through air-gapped storage or object-lock cloud storage); application-consistent backups for clinical systems (not just file-level backups that may create corrupt database states on restore); and documented, tested recovery procedures with clear Recovery Time Objectives for each critical clinical system.
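The 3-2-1-1 standard, the RPO-driven backup frequency and the application-consistency requirement described above are all properties that can be checked mechanically against a backup inventory. The following Python audit is an added example, not code from the article or from Kyanite Blue: it models each backup target as a record, expresses the per-system policy as an RPO, and reports every way a system's copies fall short. The inventory, system names and timestamps are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class BackupCopy:
    """One backup target holding a copy of a clinical system (constructed model)."""
    system: str             # clinical system, e.g. "EPR"
    media: str              # "disk", "tape", "object-storage", ...
    offsite: bool           # held outside the primary data centre
    immutable: bool         # air-gapped or object-locked: a compromised backup admin account cannot alter it
    app_consistent: bool    # taken through the application/database quiesce path, not a raw file copy
    completed_at: datetime  # when the most recent run to this target finished


@dataclass(frozen=True)
class BackupPolicy:
    system: str
    rpo: timedelta  # maximum tolerable data loss, which dictates backup frequency


def check_3_2_1_1(policy: BackupPolicy, copies: list[BackupCopy], now: datetime) -> list[str]:
    """Return the ways this system's copies fall short of 3-2-1-1 plus its RPO (empty list = compliant)."""
    mine = [c for c in copies if c.system == policy.system]
    findings: list[str] = []
    if len(mine) < 3:
        findings.append(f"only {len(mine)} copies (need 3)")
    if len({c.media for c in mine}) < 2:
        findings.append("all copies on one media type (need 2)")
    if not any(c.offsite for c in mine):
        findings.append("no offsite copy")
    if not any(c.immutable for c in mine):
        findings.append("no immutable/offline copy: ransomware holding backup credentials could destroy every copy")
    for c in mine:
        if not c.app_consistent:
            findings.append(f"{c.media} copy is file-level only; a restore may yield an inconsistent database")
    if mine:
        age = now - max(c.completed_at for c in mine)
        if age > policy.rpo:
            findings.append(f"newest copy is {age} old, exceeds RPO of {policy.rpo}")
    return findings


def audit(policies: list[BackupPolicy], copies: list[BackupCopy], now: datetime) -> dict[str, list[str]]:
    """Run the check for every system in the policy list."""
    return {p.system: check_3_2_1_1(p, copies, now) for p in policies}


# Constructed sample inventory: the EPR meets the standard, the PACS does not.
NOW = datetime(2025, 1, 15, 8, 0, tzinfo=timezone.utc)
SAMPLE_COPIES = [
    BackupCopy("EPR", "disk", False, False, True, NOW - timedelta(minutes=30)),
    BackupCopy("EPR", "tape", True, True, True, NOW - timedelta(hours=6)),            # offsite vault, offline
    BackupCopy("EPR", "object-storage", True, True, True, NOW - timedelta(minutes=45)),  # object-lock enabled
    BackupCopy("PACS", "disk", False, False, True, NOW - timedelta(days=2)),
    BackupCopy("PACS", "disk", False, False, False, NOW - timedelta(days=2)),
]
POLICIES = [
    BackupPolicy("EPR", rpo=timedelta(hours=1)),    # hourly, as the article suggests for EPR
    BackupPolicy("PACS", rpo=timedelta(hours=24)),
]

if __name__ == "__main__":
    for system, findings in audit(POLICIES, SAMPLE_COPIES, NOW).items():
        print(system, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

The immutability check is the one that matters most in a ransomware scenario: a system can have three recent, offsite, application-consistent copies and still lose all of them if every copy is reachable and deletable with the same credentials the attacker has taken.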

Testing Recovery Before an Incident Occurs

Untested backups are an illusion of security. Healthcare organisations should conduct: quarterly restore tests for critical clinical systems (EPR, PACS, lab systems) to verify backup integrity; annual full tabletop exercises simulating a major ransomware incident with clinical leadership, IT, and communications teams; regular review of recovery time estimates against actual restore performance; and maintenance of offline, printed clinical procedures for the scenario where all digital systems are offline. Kyanite Blue's Collective IP services include backup strategy review, recovery testing support, and incident response retainer agreements for healthcare clients.
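Two things in this section and in the Synnovis discussion above are easy to automate: comparing measured restore times against each system's RTO (and flagging systems whose quarterly test is overdue or was never run), and working out the order in which interconnected systems must come back. The following Python is an added example, not the article's or Kyanite Blue's code; the restore-test records, RTO values and the dependency graph are constructed for illustration, and the ordering uses a standard topological sort.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class RestoreTest:
    """One rehearsed restore of a clinical system (constructed record)."""
    system: str
    tested_on: date
    restore_minutes: int        # wall-clock time from "start restore" to a clinically usable system
    integrity_verified: bool    # restored data checked: application started, records spot-checked


@dataclass(frozen=True)
class RecoveryTarget:
    system: str
    rto_minutes: int              # agreed Recovery Time Objective
    test_interval_days: int = 90  # quarterly restore tests, as the article recommends


def evaluate_recovery(targets: list[RecoveryTarget], tests: list[RestoreTest], today: date) -> dict[str, list[str]]:
    """For each target, list the gaps between what the plan promises and what has been measured."""
    findings: dict[str, list[str]] = {}
    for t in targets:
        runs = sorted((r for r in tests if r.system == t.system), key=lambda r: r.tested_on)
        issues: list[str] = []
        if not runs:
            issues.append("never restore-tested; the RTO is an assumption, not a measurement")
        else:
            last = runs[-1]
            days_ago = (today - last.tested_on).days
            if days_ago > t.test_interval_days:
                issues.append(f"last restore test {days_ago} days ago (interval {t.test_interval_days} days)")
            if not last.integrity_verified:
                issues.append("last restore completed but was not integrity-verified")
            if last.restore_minutes > t.rto_minutes:
                issues.append(f"measured restore {last.restore_minutes} min exceeds RTO {t.rto_minutes} min")
        findings[t.system] = issues
    return findings


def restore_order(depends_on: dict[str, set[str]]) -> list[str]:
    """Kahn's topological sort: each system appears only after everything it depends on.

    Ties are broken alphabetically so the sequence is deterministic and printable in a runbook.
    """
    systems = set(depends_on) | {d for deps in depends_on.values() for d in deps}
    remaining = {s: set(depends_on.get(s, ())) for s in systems}
    order: list[str] = []
    while remaining:
        ready = sorted(s for s, deps in remaining.items() if not deps)
        if not ready:
            raise ValueError(f"dependency cycle among {sorted(remaining)}; the plan cannot be sequenced")
        for s in ready:
            order.append(s)
            del remaining[s]
        for deps in remaining.values():
            deps.difference_update(ready)
    return order


# Constructed sample data: EPR is on track, PACS is overdue and too slow, LIMS has never been tested.
TODAY = date(2025, 1, 15)
TARGETS = [
    RecoveryTarget("EPR", rto_minutes=240),
    RecoveryTarget("PACS", rto_minutes=480),
    RecoveryTarget("LIMS", rto_minutes=360),
]
TESTS = [
    RestoreTest("EPR", date(2024, 12, 16), restore_minutes=180, integrity_verified=True),
    RestoreTest("PACS", date(2024, 9, 10), restore_minutes=600, integrity_verified=True),
]
# Hypothetical dependency graph: a system cannot be restored before the services it needs.
DEPENDENCIES = {
    "EPR": {"Active Directory", "DNS", "Database cluster"},
    "PACS": {"Active Directory", "DNS"},
    "LIMS": {"Active Directory", "Database cluster"},
    "Database cluster": {"DNS"},
    "Active Directory": {"DNS"},
}

if __name__ == "__main__":
    for system, issues in evaluate_recovery(TARGETS, TESTS, TODAY).items():
        print(system, "OK" if not issues else "")
        for i in issues:
            print("  -", i)
    print("Restore sequence:", " -> ".join(restore_order(DEPENDENCIES)))
```

The restore sequence is the part most tabletop exercises skip: identity, name resolution and the shared database tier have to be back before any clinical application is usable, and a cycle in the dependency map (the function raises on one) is itself a finding, because it means the plan as written cannot be executed.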

Kyanite Blue specialises in cybersecurity for iGaming operators. MGA-licensed operators across Malta trust our stack.
