Enabling Resilience through Cyber Recovery for Cerner Customers

Supporting Cerner healthcare organizations with cyber recovery and resilience will help providers to continue to deliver care based on data-driven insight.

Physician groups, hospitals, and health systems rely on mission-critical, data-driven technologies to enable the availability and continuity of care required of today’s healthcare industry in the United States. Cyberattacks have increasingly homed in on sensitive clinical information and systems as a means of extorting ransom from breached healthcare organizations.

Considering this reality, these organizations must adequately prepare to defend and react quickly against attempts to take vital systems offline, with few systems as critical to the business of healthcare as EHR technology. What’s more, the pandemic has also compelled provider organizations to support a remote workforce outside of their traditional infrastructure perimeters, making differentiation between good and bad actors a top priority.

By implementing cyber recovery solutions and zero-trust security, healthcare systems can achieve a level of cyber resiliency that minimizes the negative impacts of cyberattacks and ensures the business continuity necessary to deliver high-quality patient care.

The current threat landscape

Health data breaches have steadily increased in number over the past few years. According to Critical Insight, total breaches numbered 679 and impacted roughly 45 million individuals in 2021 alone, up from 369 incidents affecting 14 million individuals just three years prior. And while business associates and health plans have begun to become targets for bad actors, approximately 75 percent of the health data breaches in 2021 impacted providers, with hackers preferring ransomware attacks over others.

According to a Department of Health & Human Services Cybersecurity Program report on ransomware trends, the healthcare and public health (HPH) sector became an attractive target for ransomware actors in 2021. Of the 82 ransomware incidents occurring during the first half of last year, 48 percent targeted the US health sector. For nearly three-quarters of these incidents, victim data was leaked. Of all HPH organizations worldwide between January and February 2021, less than half (44%) were able to use backups to restore their data.

The challenge facing providers

With cyberattacks becoming a matter of when, not if, and hybrid workforces needing access to data and applications, healthcare organizations can no longer trust traditional approaches to safeguarding mission-critical IT infrastructure from unauthorized access and downtime.

According to industry experts, Cerner EHR technology is a vital tool for a quarter of both the acute and ambulatory markets, many of which use on-premises IT infrastructure to manage data, applications, and other services.

When systems go down, there are real implications for patient care and business operations, according to Dell Technologies Technical Account Manager and former Cerner engineer and architect John Borchardt.

“Being a healthcare entity is a vulnerability. These organizations have data that hackers prefer and more have been hit but have not made the news,” he said. “But when their systems are down, their organizations are not making money. And when they get in the news, they receive a hit to their reputation that patient data isn’t safe with them,” Borchardt added.

A significant problem stems from both a lack of internal knowledge among provider organizations regarding the value of and approaches to data loss prevention (DLP) and a growing recognition that bad actors are already inside the system.

“There will be people that know the network security. They have their wireless networks and firewalls locked down. But what do they know about malware? What do they know about vulnerabilities for just about every ransomware, namely DLP and the people inside the building? Vulnerabilities that have existed for five or ten years, or longer in some cases, are still rampant in healthcare. For example, Windows 2000, Windows NT, and similar operating systems still exist in some data centers today,” Borchardt emphasized.

Keeping pace with new and emerging threats from malware poses a significant challenge. Zero-day threats mean no guidance to fall back on, and data could quickly end up in the hands of a bad actor without notice. Getting systems back online could take weeks or months without proper preparation. The onus is on healthcare organizations to anticipate these events and put in place systems and procedures that limit the damage they cause and streamline the process for getting back online.

Cyber recovery and resilience

Cyberattacks represent a real threat to healthcare organizations that need access to timely and accurate data to deliver effective care to the patients and communities they serve.

According to Borchardt, determining the right data and systems for creating backups is an important decision to be made when developing a cyber recovery plan. The most important data resources to protect are often tied to an organization’s biggest streams of revenue. Data tied to the EHR, patient and employee safety, and crucial infrastructure like lab and pharmacy systems are clear starting points.

Getting back up and running is its own undertaking. That’s where the recovery point objective (RPO) and recovery time objective (RTO) become significant factors. RPO represents the point in time an organization can recover to in the event of a disaster, which depends on the frequency of data backups (the more frequent the backup, the smaller the data loss). RTO is the amount of time necessary to get systems back online following an outage to prevent the impact of downtime.

By leveraging advancements in data vaulting and recovery with a strategic technology partner, Cerner healthcare organizations can help to manage the impact of an unplanned outage and restore services efficiently to prevent further data loss. Particularly, a modern cyber recovery solution enables physician groups, hospitals, and health systems to have access to clean and protected copies of their most vital workloads.

First, data isolation and governance ensure that the Cerner health system’s backup remains disconnected from corporate and backup networks and limits user access to only those with proper clearance. Second, the ability to automate data copying using an automated, operational air gap secures the copy of the healthcare data from both the production and backup environments. Third, the use of intelligent analytics and tools will allow healthcare organizations to determine whether data has been corrupted by malware or other forces and prompt remediation. Fourth, these organizations will benefit from workflows and tools that simplify the recovery process following an event using state-of-the-art dynamic restore processes and an organization’s existing procedures. Lastly, a strategic partner should be able to work alongside Cerner to determine the data sets, applications, and other assets that are critical to restoring services and reducing data loss.

“Backing up your data, that’s a 1990s plan, and honestly, that plan hasn’t improved much as it pertains to data vulnerability,” Borchardt maintained. “Today’s active-active systems and mirroring and massive data bandwidth help with system availability, but you still need to protect against data loss in all its forms.”

While cyber recovery solutions allow Cerner EHR shops to bounce back from ransomware and destructive cyberattacks, implementing a zero-trust environment also has a key role to play in minimizing an intruder’s potential to move laterally once inside a network.

With more organizations having to support a remote workforce, zero-trust models — described by NIST as “the premise that trust is never granted implicitly but must be continually evaluated” — have the potential to allow good actors access to data and applications while persistently requiring bad actors to prove their authenticity and the validity of their request.

While core components of zero trust can be incorporated into existing environments — from policy engines, administrators, and policy enforcement points to threat intelligence feeds, public key infrastructure, and security information and event management systems — experts agree that the closer the zero-trust environment is to the technology it’s protecting, the more effective it is. Therefore, working with a technology partner that manufactures its own hardware and software with zero trust built in becomes ideal.

Supporting Cerner healthcare organizations with cyber recovery and resilience will help providers to continue to deliver care based on data-driven insight. When a healthcare organization makes efforts to protect its mission-critical systems proactively, it can truly claim to enable continuity of care across the entire patient care ecosystem.


Dell Technologies provides transformative solutions that help healthcare-life sciences organizations prepare for the road ahead - from the point of care to the core to the cloud. From the world’s leading healthcare systems to rural health clinics, we offer essential infrastructure solutions to help you achieve business and clinical agility. Visit us at
