AWS for Industries

Strengthening EHR Resilience with Isolated Recovery Environments on AWS

In today’s healthcare landscape, protecting electronic health record (EHR) systems from unplanned outages due to ransomware, natural disasters, or even human error is becoming more important than ever, as any downtime can affect care delivery and put patients at risk.

And, it’s not just care delivery that is affected. The Ponemon Institute estimates that healthcare organizations lose an average of $7,500 per minute of downtime. That’s $450,000 for a one-hour outage, and when you factor in other indirect costs like reputational damage, patient safety risks, regulatory penalties, and the long-term erosion of trust, the true cost can be significantly higher.

As healthcare organizations increasingly rely on EHRs for their clinical operations, implementing an isolated recovery environment (IRE) has become essential. This blog will help healthcare organizations understand the importance of IREs and leverage Amazon Web Services (AWS) to build and maintain effective IREs for their EHR environments.

Understanding the Critical Role of Isolated Recovery Environments

An IRE serves as the last line of defense against catastrophic events, including ransomware attacks and natural disasters that could compromise your primary EHR environment. Unlike traditional backup solutions, an IRE maintains an air-gapped copy of your system, ensuring that critical patient data and operational capabilities can be accessed even in worst-case scenarios. This is often the last stop before complete system isolation.

According to HealthcareIT News, each day of downtime due to ransomware costs healthcare organizations an average of $1.9 million, with the average attack lasting 17 days. Having an environment in the cloud, separated from the rest of your environments, can give you peace of mind. It provides you an option in the event that access to production and disaster recovery are unavailable, even during ransomware attacks.

Additionally, we’ve found that organizations who implement an IRE in the cloud have been able to renegotiate with their cybersecurity insurance providers to lower their premiums. This allows healthcare organizations to not only prevent losses, but actually cut current costs, all while protecting patient data and access to care.

When implementing an IRE for EHR on AWS, several crucial elements work together to create a comprehensive recovery solution:

  • Physical Isolation – AWS provides the infrastructure to create truly isolated environments through:
    • strict network segmentation
    • controlled cross-account access mechanisms
    • physical separation of backup storage
  • Secure Data Transfer – AWS enables secure, controlled data movement through:
    • one-way data transfer protocols
    • automated backup verification processes
    • immutable backup storage
  • Rapid Recovery Capabilities – our architecture supports:
    • automated recovery procedures
    • regular recovery testing protocols
    • rapid infrastructure deployment using AWS CloudFormation
    • scalable compute resources for emergency operations

How AWS can help

The first step is to contact an AWS Representative to discuss your unique needs and learn how we can help secure your critical EHR data in an IRE.

AWS is the most secure, compliant, and resilient cloud for healthcare with the highest network availability of any cloud provider, and offers more than 166 HIPAA-eligible services. With AWS, healthcare organizations not only get the best public cloud for healthcare, but also an extensive partner network and access to AWS Marketplace, a curated digital catalog that enables organizations to discover, purchase, deploy, and manage third-party software, data, and services (including IRE consulting services) that integrate with Amazon Web Services (AWS).

Conclusion

Access to patient data must always be available; the risk to patients and healthcare organizations due to downtime is immense, as downtime in healthcare systems can disrupt patient care, delay critical treatments, and result in severe financial and reputational damage. In such high-stakes environments, an IRE acts as a safeguard, ensuring that patient data remains secure, accessible, and resilient against both external and internal threats.

Further Reading

Matt Dinger

Matt Dinger

Matt Dinger is a leader on the Worldwide Public Sector Global Healthcare team at AWS. He has over fifteen years of healthcare and EHR experience including nearly a decade at Epic, but as a person living with type 1 diabetes, approaches all situations as a patient first. He loves keeping customers happy and believes that implementation and customer success processes should be as innovative and dynamic as the technology itself. When not working with customers, he enjoys volunteering in health advocacy initiatives as a member of the board of trustees for T1International and spending time with his husband.