Why Healthcare Organizations Should Implement an IRE for Epic

Key Takeaways

Organizations are increasingly using Isolated Recovery Environments (IREs) as a defense against rising ransomware attacks.
Epic’s unique IRE implementation utilizes IRIS mirroring technology, facilitating quick recovery without traditional vaulting.
Health systems must consider authentication challenges and new options, including OpenID Connect for easier multi-factor authentication.

Understanding Isolated Recovery Environments (IREs)

As ransomware continues to be a growing threat, organizations are turning to innovative backup solutions that go beyond traditional disaster recovery methods. This shift emphasizes the need for isolated recovery environments (IREs), clean rooms, and vaulting. Vaulting refers to storing backups at air-gapped, third-party locations to protect them from cyberattacks or disasters.

When recovery is necessary, a clean room serves as a secure space where teams can safely analyze systems and data to ensure that backups remain free from ransomware. Once they confirm the integrity of the data, the IT team can utilize the IRE to restore essential operations, allowing select users to resume work while full production capabilities are restored at a later stage.

Epic has introduced a specialized version of the IRE that operates differently from standard implementations. Their approach leverages IRIS mirroring technology for real-time disaster recovery, thereby omitting vaulting altogether. This allows Epic to keep data in sync with production systems, although in the IRE, integrated third-party applications are unavailable. This streamlined setup focuses solely on essential data access for ongoing operations, patient care, and revenue generation.

For healthcare organizations planning to set up an Epic IRE, several considerations should be prioritized. A key decision involves whether to adopt an Epic-hosted IRE or self-host in the cloud. Many health systems favor the cloud option for its scalability and lower upfront investment, providing a flexible alternative to traditional infrastructure.

Furthermore, organizations should prepare for the challenges presented by Active Directory, which is commonly used for authentication in Epic systems. In the event of a cyberattack, Active Directory may become inoperative, leaving organizations with a third-party version of Epic but lacking a secure method for logging in. One solution is reverting to Epic’s native authentication; however, this would likely require extensive password resets and could limit multi-factor authentication options unless previously activated.

A more recent alternative includes Epic’s introduction of OpenID Connect, integrating with platforms like Okta or Microsoft EntraID for enhanced multi-factor authentication. Though adoption has been slow this year, expectations are high that more organizations will transition to this solution in the coming years, as it simplifies access management and aligns with current identity maturity models.

Overall, the rapid evolution of ransomware attacks necessitates that organizations prioritize innovative recovery solutions like IREs, streamline their authentication processes, and adapt their operational strategies for heightened resilience against cyber threats.

The content above is a summary. For more details, see the source article.