From the WELL Cybersecurity Division

To Backup or Not to Backup

As a long-time IT professional, I can’t tell you how many times I have led conversations around the importance of backing up data/systems.  Implementing a sound backup strategy applies to organizations of all sizes.  The differences are only the complexity of the systems being backed up, and the data retention and restoration requirements.

Data backup strategies have traditionally been the foundation of disaster recovery plans.  Let’s face it, computer hardware will eventually fail.  If that computer hardware is running your EMR system (or other key business systems), you want to be positioned to recover quickly and minimize business disruption.

“What is the connection between data backups and cyber security?”  We have all heard of ransomware, right?  It is malicious software that gets installed on computer systems and encrypts (locks) the data.  It renders the system useless and the data inaccessible.   You can pay thousands in ransom and hope that the key to unlock the system is provided.  Or, with an up-to-date backup in place, there is an option to restore the infected system and get it back online without paying the ransom.  This approach may take a little longer to recover but it could save you a lot of money.

“My EMR system is hosted in the cloud”.  The move to a cloud-based EMR system has many advantages including data backup services.  It is safe to assume that any reputable cloud EMR provider is backing up your data and their system.   However, if your EMR system is still in the office and/or your clinic computers house confidential data/PHI, guess what?  You are responsible for backing up those systems.

“Should we do backups locally or to the cloud?”  There are pros and cons to both approaches.  The best solution is hybrid.  Complete a local backup and then replicate that to the cloud.  The local copy will allow for a faster recovery.  However, having an offsite copy negates the issue of a fire or water damage affecting your production system and the backup.  Having an offsite copy also improves your ability to recover if a hacker is on your network and deletes the local backup before deploying the ransomware.

“How often should we back up?” There is no simple answer.  The more frequent the better.  Your restoration point (how many transactions are lost) depends on how often you back up.  Most smaller organizations generally backup up nightly.  So, if you get breached at 12 pm, you may only lose ½ a day of transactions.  But each backup consumes media…and media (physical or virtual) costs money.  You must find the balance between cost and recoverability.

Now, I don’t want to set an expectation that this is the end-all solution.  Hackers are always ahead of the curve.  More advanced ransomware attacks steal the data first and then encrypt it.  In this scenario, you can recover your locked data but may still have to consider paying so that the stolen data is not leaked or sold.

If you have any questions or need some help improving your cybersecurity, please contact me at

Scroll to Top