Backing up your data sounds like a mundane task, but it shouldn’t be taken for granted. It’s an essential strategy for any medical practice in this day and age where technology has become a big part of our lives. 

After reading this blog, you will know why it’s important to back up your practice’s data, how often one should make a backup with a recommended regime from GoodX, as well as what one should do in a ransomware situation.  

Click on one of the topics below in order to navigate to and read more about it:

Why is it Important to Backup Healthcare Data?

Life can be unpredictable, but that doesn’t mean that you should roll with the punches and be unprepared for a situation. Backing up data is a cyber-healthy way for any medical profession to survive. 

The Protection of Private Information Act 4 of 2013 provides that a practice or hospital which collects and keeps private information must secure the integrity and confidentiality of the information under its control. They must take appropriate, reasonable, technical and organisational measures to prevent:

  • loss of, damage to or unauthorised destruction of personal information; and
  • unlawful access to or processing of personal information.

“Data not backed up is equal to data not yet lost.” 

For example, imagine a healthcare facility suddenly without power. Your data might go missing and/or get damaged. This will result in a massive inconvenience for healthcare professionals and patients might be put into danger due to the damage done to their important information. 

Avoid situations like the example above and have data backed up regularly and stored at different locations – data is crucial for providing dependable care to your patients. If you don’t have a proper backup regime in place, you’re vulnerable to data loss due to viruses, ransomware, hardware failure, theft or fire – especially when you’re on your own server.

GoodX Software provides software, not IT related services and GoodX does not keep copies of your data. It should be a priority for each practice to make sure that you contract an expert IT consultant to make sure that your IT is dealt with properly. It is imperative that your hardware is kept up to date and your backup process is implemented with all due diligence.

It is the responsibility of the practice to verify the validity of backups by checking that backups were successful with no errors and to confirm that backup files are present at the backup locations after every backup. If there is any indication that the backup is not successful, it is the responsibility of the practice to contact the IT company immediately to resolve the problem.

GoodX’s Recommended Backup Regime

The following internal controls diagram describes the processes that should be followed during the year in every practice. You will notice that each period ends with a backup to be made of the data. Different sets of hardware should be used for the different backups, as some viruses go undetected for a while.

http://learning.goodx.co.za/mod/book/view.php?id=2197

A good procedure is to have different hardware for:

  • Monday to Friday backups
  • Week 1 – 4 backups
  • Month 1- 4 backups
  • Yearly backups

Make independent backups i.e. to different USB media instead of rewriting to one medium. If a virus is picked up on Week 3 of Month 2, and you notice the virus only during Week 1 of Month 4, you will at least have an uncorrupted backup from Week 2 of Month 2 and not lose all your data.

Verify backup media after making a backup by testing archives and file sizes. It’s imperative that backups are kept off-site in case of theft or fire. Leaving a backup device connected to the PC will not be of any use in such circumstances or in case of ransomware or viruses. 

This information is not relevant to GoodX Cloud and GoodX Web App clients as GoodX performs and keeps backups.

Daily, Weekly, Monthly & Yearly Backups in GoodX

The backup procedure is the same for daily, weekly and monthly backups. However, for monthly backups, best practice dictates that you first check that all transactions for the month are up to date and all reconciliations are up to date. The month-end procedure must be completed before the month’s backup is made.

The yearly backup will be done after completing the financial year-end on your software. This will be the final backup for the year to be kept safe in a different location. It would be advisable to upload the yearly backup onto cloud-based platforms to protect it against fire or theft. Examples of cloud-based platforms are Google Drive and Dropbox.

Use hardware that is dedicated for your weekly backups and have at least four sets of hardware available, one for each week of the month. 

Ransomware – What to do?

A big concern is that practices do not implement proper safety precautions for their servers, making the data especially vulnerable to viruses and ransomware. Best practice dictates that no emails should be opened on a server and proper firewall protection for your server should be implemented. 

There is a virus called CryptoLocker, for example, being sent to email addresses. CryptoLocker is a ransomware trojan targeting computers who run on Microsoft Windows. Ransomware is a form of malicious software or ‘malware’ which demands payment to unlock your computer and can often prove difficult to clean up or remove from both PCs and Macs.

CryptoLocker is commonly spread through infected email attachments, often disguised as a PDF. This virus encrypts your files, restricting access, holding your files ‘ransom’ for a certain fee. The virus threatens to delete files if this fee is not paid by a set deadline. This is something you should be careful of even if you have virus protection software installed, as it may not detect CryptoLocker. 

How can you protect your data?

  • Install and regularly update anti-virus software to detect malware;
  • Regularly backup all your files to a cloud service in case your computer cannot be cleaned of the virus;
  • Inform all your staff about the risks and how to protect their data.

What to do if your computer is infected?

  • Disconnect your computer from the internet immediately;
  • Disconnect all storage devices (USBs and Hard drives);
  • Switch off your computer;
  • Contact your IT department to format the PC or restore a backup image;
  • Once you are confident that your computer is virus-free and you have a backup available, please contact GoodX to reinstall your software and restore your backup.

It is your responsibility to protect your data and make sure that your data is properly backed up and the backup is tested and reliable for a restoration process.

Conclusion

To end off, backups are highly important for any business and a medical practice is no exception. So, ensure that you and your medical software provider has a proper backup regime – preparation is key and remember: “Data not backed up is equal to data not yet lost.” 

Disclaimer: GoodX takes no responsibility for loss of data due to hardware failure, theft,  viruses, etc.