Top concerns healthcare organizations have about Office 365 backup

Data protection is an important issue for all organizations because the penalties for getting it wrong —both legal and reputational—are severe. But for healthcare organizations, the safe and secure handling of sensitive patient data is even more crucial.

Barracuda’s worldwide survey of IT decision makers highlights some of the concerns that organizations are facing when dealing with Office 365 backup and restore capabilities.

The huge shift to virtual work, accelerated by the COVID-19 pandemic, has made this more of an issue than ever, with an increased healthcare reliance on Office 365. Care teams needed to be able to collaborate/consult while protecting sensitive data. Microsoft Teams was crucial for enabling virtual healthcare visits and consulting with colleagues. Even healthcare companies that were using Office 365 before 2020 greatly expanded their use. For example, MultiCare, a Washington state-based healthcare company with 10 hospitals and over 290 clinics had to transition over 2,000 of their employees within days to working from home back in March 2020. And that was just their office employees. Clinicians and other healthcare workers had to be able to consult and share data—without being in the same room.

But this huge growth in usage and associated data has brought with it problems with protecting and backing up data. Many organizations assumed such services were automatically enabled, but in fact Microsoft itself recommends the use of third-party backup solutions to provide full protection. Despite this, only about one in three people we polled use a third-party backup solution. While some Microsoft native retention is provided, it does not offer granular recovery nor is it as easy to use as IT decision makers would like.

The survey revealed a range of concerns that varied by industry type and by country.

Top backup concerns for healthcare professionals

Ransomware was a particular concern for healthcare professionals, with 75 percent stating they are concerned about ransomware attacks on Office 365, compared with 70 percent across all industry sectors. Just under half of all organizations admitted to falling victim to ransomware attacks themselves. A shocking 63 percent of people surveyed knew an organization that has had data held for ransom and has struggled with recovery.

Despite these figures, and despite specific concerns around Office 365, the vast majority of those surveyed still depend on out-of-the-box retention tools from Microsoft. We found that 65.5 percent of all organizations rely solely on built-in Office 365 data retention tools, with an almost identical percentage of health organizations agreeing. This is a serious misunderstanding of what is in the Microsoft Terms and Conditions. Microsoft says they are only responsible for the availability of the service and do not accept liability for the backup of customer data. This is a huge security hole that most healthcare providers are not aware of.

Geo-residency, or where an organization’s data is stored, was another particular concern for healthcare providers. Our survey found that 73 percent of respondents in healthcare organizations were very or somewhat concerned about data being backed up outside their geography, compared to 66 percent of those in other industries, which is perhaps not surprising given the extra sensitivity of medical and patient data reflected in many countries’ regulations and expensive fines.

Turning to cloud-native backup

The answer these organizations want is a cloud-native, software-as-a-service backup and restore service that’s easy to use and quick to get up and running — the very same reasons that led them to choose Office 365 in the first place. Remote healthcare requires these collaborative tools.

The survey’s global reach also highlighted some interesting regional differences. A full 57 percent of U.S. respondents stated that they experienced a ransomware attack at their organizations, compared to just 7 percent of Japanese and 14 percent of Australian respondents.

The survey was carried out by independent market research firm Centropy on behalf of Barracuda. Researchers spoke to 1,828 IT decision makers at organizations with more than 50 employees in the UK, U.S., EMEA, and Asia-Pacific. The survey was conducted in January 2021. You can download the full report here.