Ransomware Recovery for Hospitals – with Epic Read-Only on AWS

Cloudticity, L.L.C. | Tagged in Epic EHR

Last year, 66% of hospitals experienced a ransomware attack. When an attack strikes, the typical response is to shut the electronic health records (EHR) system down, including the disaster recovery (DR) and reporting environments, which removes the attacker’s ability to carry out the attack. Unfortunately, this also removes clinicians’ ability to access the data they need to do their jobs.

It’s well known that care quality suffers when the EHR is down. There have been documented instances of patient deaths attributed to ransomware attacks, and one report found that mortality rates increase due to attacks.

So, if shutting the system down is not an option, what can you do? How can you enable business continuity and resilience, while still maintaining the security of patient data during a hospital ransomware attack?

In this blog we’ll detail a new ransomware solution for hospitals using Epic that some healthcare organizations are leveraging today to maintain operational resiliency using AWS.

How Can Hospitals Improve Ransomware Recovery?

Using the cloud read-only solution on AWS, hospitals can maintain access to Epic production data, while still defending against the attack.

What is Cloud Read-Only for Ransomware Protection in Healthcare?

Cloud read-only is a hospital ransomware solution for Epic on AWS that helps organizations maintain access to patient data while still keeping the attacker out. It involves running a read-only copy of Epic and supporting infrastructure on AWS. 

When hospitals identify credible indicators of a ransomware attack, they can turn off Epic production, reporting, and DR and spin up the cloud read-only environment in minutes. The environment will be seconds behind production.

Why Cloud Read-Only for Ransomware Protection in Hospitals?

The Centers for Medicare &amp; Medicaid Services (CMS) requires that health systems have emergency preparedness plans. These plans often include business continuity access systems, read-only systems, and alternate production or disaster recovery systems. Unfortunately, these systems are almost always on the same network as the ransomware, so during an attack they have to be taken offline too. That is the gap, and that is why cloud read-only (CRO) is so important. CRO does not live on your network. It is an entirely independent instance that clinicians can safely access during an attack, mitigating the threat of ransomware for hospitals.

What are the Benefits of the Ransomware Solution for Epic EHR?

As healthcare CIOs look to balance security with business continuity, cloud read-only is an excellent option for health systems looking to maintain operational resiliency during ransomware attacks on hospitals.

Here are the top benefits.

Increase Business Continuity and Resilience

Usually when hospitals are hit with ransomware, they’re forced to stop seeing patients. Oftentimes they have to transfer patients to clinics that are miles away, which can negatively impact health outcomes. With CRO, hospitals can continue normal business operations during ransomware attacks.

Access Epic Production Data During an Attack

Only when clinicians have access to historical patient data can they make the best healthcare decisions. When the EHR is down, they’re forced to rely on patients to relay their medical histories, but patients often miss important details, or worse, could be incapacitated and unable to communicate this. With CRO, clinicians can access critical information and continue to serve patients to the best of their ability, even when the production environment is down.

Protect Patient Data

For any hospital CIO who has dealt with ransomware, it’s understandable that there will be a degree of hesitation before shutting the system down. What’s more, it’s easy to succumb to pressures to turn it back on prematurely. However, this is a huge patient safety issue because shutting down too late or turning on too early can result in protected health information (PHI) getting in the wrong hands. CRO gives health IT leaders the confidence they need to protect patient data, shut down immediately, and keep the system down for as long as needed when ransomware is a threat to the hospital.

Reduce Cybersecurity Insurance Premiums

Cybersecurity insurance premiums are constantly increasing, putting pressure on health IT budgets. A report from Bloomberg found that premiums in the US surged 50% in 2022 as a result of increased ransomware attacks. CRO can help. One hospital found that when it was able to demonstrate its resilience against ransomware and natural disasters thanks to CRO, its premiums dropped dramatically.

Reduce Business Risk and Improve Security

It goes without saying that increasing your security profile against threats like ransomware reduces business risk for hospitals and health systems. When you implement CRO, you reduce the risk of becoming operationally crippled like we see in many healthcare cybersecurity attacks, you reduce the financial risk associated with having to pay off malicious actors, and you decrease the likelihood that you’ll be sued due to poor care quality or patient privacy issues.

In addition, you'll be more secure knowing that you don't have to choose between business continuity and security.

Satisfy CMS Requirements in Minutes Instead of Days 

CMS requires hospitals to have emergency preparedness plans that outline how they’ll deal with potential disasters, like cyber attacks, natural disasters, or other reasons for outages. But usually these plans involve losing access to the system for hours or even days. CRO allows healthcare organizations to access EHR production data within minutes of a ransomware attack, drastically mitigating the risk of ransomware for hospitals.

Reduce Recovery Point Objective

Recovery point objective (RPO) is a critical piece of business resilience: it measures how far behind production the most recent backup or replica may be when recovering from a disaster, i.e. the maximum tolerable data loss expressed in time. For many hospitals, RPO is measured in hours. With CRO, the environment is seconds behind Epic production, reducing RPO to mere seconds from the point of failure.

Onramp to Cloud-First Strategy

Most healthcare CIOs know that a cloud-first strategy lies in their future, but many of them cannot justify the cost and disruption they will incur when they decide to jump in. The cloud is incredibly reliable and performant, providing many out-of-the-box features that modernize the technology stack. But ditching the data center entirely merely to get a better version of what they already have is essentially fixing something that isn’t broken, which is why many hospital CIOs are dragging their feet on cloud.

CRO is a great segue into the cloud for hospital information technology (IT) teams. It is a relatively lightweight implementation with minimal interdependencies, and the business case is strong because it solves a new problem. Standing up a CRO can help your hospital IT team get comfortable using the cloud, creating the foundation for more cloud projects in the future.

What are the Drawbacks of Cloud Read-Only for Epic on AWS?

Although the CRO solution has many benefits, it has limitations. First, it is a read-only environment, so while clinicians can access production data, they cannot enter new data or edit existing data. Second, while it can dramatically reduce RPO, it does nothing for the recovery time objective (RTO) of your network; that depends, frankly, on when the attacker gives up. Third, running CRO on AWS does incur extra costs.

Case Study: LCMC Health

The Challenge

LCMC Health wanted to improve business continuity and resilience as ransomware attacks increased across the healthcare sector. Additionally, its cyber insurance premiums had been going up about 60% per year since 2020, which was hindering its ability to invest in other projects.

The Solution

LCMC Health worked with Sapphire Health Consulting to implement a CRO solution for Epic.

The Benefits

  • Ransomware Resiliency. Clinicians can access Epic production data within minutes of shutting the EHR down.
  • Reduced RPO. The environment is seconds behind Epic production and can be activated in minutes.
  • Reduced Cyber Insurance Premiums. Cybersecurity insurance premiums dropped so much that the savings paid for the project.

Read more about LCMC Health’s CRO implementation for hospital ransomware here.


Why Choose AWS for Epic Cloud Read-Only?

AWS is a high-performing, reliable cloud, offering multiple data centers around the world that you can use for hosting and backups. It has many security and management features out of the box and offers more HIPAA-eligible services than any other cloud provider.

It also provides landing zones, which are prebuilt, secure environments that you can use as a starting point for deploying workloads and applications.

How long does it take to implement cloud read-only?

For LCMC Health, the implementation took 8 weeks.

How much does Cloud Read-Only cost to run?

For LCMC, the cost is less than one full time IT employee. 

Do Epic licensing costs increase as a result of the CRO environment?

No, Epic will not charge you more for licensing if you implement CRO.

To learn more about mitigating the threat of ransomware in hospitals with CRO for Epic on AWS, watch the on-demand webinar.

Or schedule a free consultation today.


About the Author: Eric Pennington is Director of Solutions Engineering at Sapphire Health Consulting. He is working with Sapphire Health to develop meaningful and innovative solutions in the infrastructure, cloud, and automation space.
