CASE STUDY

Kasugai Municipal Hospital Achieves an Immutable and Cost-Efficient Backup and Restore Environment with Wasabi

Kasugai Municipal Hospital provides medical services as a core hospital in the region. It is also designated as a disaster base hospital, aiming to provide careful medical care that meets diverse regional medical needs as a municipal hospital. As a core regional hospital, it is required to continue services reliably not only in normal times but also during disasters. Therefore, ensuring the reliability and availability of IT systems, including electronic medical records, is extremely important. In recent years, there have been cases where hospital systems were hit by ransomware, forcing them to suspend medical services. At Kasugai Municipal Hospital, strengthening ransomware countermeasures had become an urgent task. To address this, they introduced "S-iDC Backup Service with Wasabi" provided by NEC Networks & System Integration Corporation.

Challenge

Ransomware attacks targeting hospitals have been occurring one after another, resulting in situations where medical services have been suspended for extended periods. Each medical institution is taking countermeasures by referring to the "Guidelines for Safety Management of Medical Information Systems" issued by the Ministry of Health, Labor and Welfare, among others. However, at the Kasugai Municipal Hospital, the number of staff responsible for the information system, including Hayato Baba of the Information Management Division of the Medical Information Technology Center, is small. With limited resources, Baba wanted to ensure high security and implement it at an appropriate cost. In addition to the guidelines, he also referred to the Cybersecurity Framework (CSF) established by the National Institute of Standards and Technology (NIST) in the United States.

For public hospitals, if these expenses exceed budget, an application for additional budgets is required. With Wasabi, since there is no charge for retrieving data, it is possible to operate a backup system within the allocated budget.”

– Hayato Baba, Information Officer, Administrative Management Division, Medical Information Technology Center, Kasugai Municipal Hospital

The NIST CSF divides the steps to be taken into identification, protection, detection, response, and recovery. In the inventory of existing security measures, "response" and "recovery" were deemed insufficient. Traditionally, backups were taken on tapes and stored offline on-premises, but there were concerns about cyber attacks and natural disasters that could affect the entire region. They wanted to make the backup data immutable and copy it to a remote location to improve safety. Additionally, they needed to operate this system reliably with limited resources. After comparing several methods, they chose the S-iDC Backup Service with Wasabi.

Solution

The deciding factor was that Cohesity's backup solution can achieve high data compression rates and immutable backups that cannot be overwritten, and also that the 24/7/365 operation and management can be entrusted to NEC Networks & System Integration Corporation. By combining this with Wasabi, data can be securely backed up to the remote cloud location, protecting important data assets not only against ransomware but also in the event of a disaster.

Furthermore, according to Baba, "By combining it with the easily scalable Wasabi, we can store multiple generations of backup data at a very low cost, which was also a positive factor in our decision.” If we were to secure long-term, multi-generational backup data on-premises, it would require facilities such as space, power, and air conditioning, as well as additional operational processes. However, the fact that Wasabi does not require any of those was also an evaluation point.

Other hyperscalers were also options, but Wasabi was judged to offer a high cost-performance ratio. In terms of security and reliability, we confirmed that Wasabi has an availability SLA of 99.9%, and its data durability is an extremely high 11 nines (99.999999999%). On top of that, Baba says, "The fact that Wasabi has a data center in Japan was also reassuring."

In the case of hyperscaler cloud storage, it doesn't cost much to put data in, but it costs a lot to get data out. If an incident occurs and you need to retrieve data from the cloud to recover, it can be quite costly if the data is large. "For public hospitals, it's difficult to make a sudden budget request for that," says Baba. With Wasabi, on the other hand, you can retrieve data whenever you need to. Being able to operate the backup system within the budget is considered a major advantage.

Results

A new backup mechanism was decided to be introduced in mid-July 2023, including hardware delivery, network construction to Wasabi, and data recovery testing, and it took about 3 months to prepare, with the system going live on November 1. In Japan, many of the attacks on hospitals by ransomware have occurred around Halloween on October 31 in the past, and the measures taken until then were targeted at a single threat. Although the implementation was in a very short timeframe, the coordination between vendors by Baba for many siloed backup targets went smoothly, with no technical difficulties, and progress was made extremely quickly. The integration between Cohesity and Wasabi also went smoothly, including securing the lines and firewall support.

Once up and running, the dashboard allows the backup status to be visualized and daily reports to be checked, providing a high level of peace of mind, according to Baba. We have also conducted a recovery test and confirmed that the backup data can be recovered without fail. With a hyperscaler instead of Wasabi, we would have had to pay extra for a restore test," Baba pointed out.

Kasugai Municipal Hospital has other important data, such as radiological imaging data, which are also being considered for backup to Wasabi's cost-effective and secure backup system. “It is said that an air gap is necessary to ensure data security," said Baba. Although networked clouds are not strictly air-gapped, they can be considered as long as they are immutable," said Baba.

S-iDC Backup Service with Wasabi is provided as a package and is easy to implement and hassle-free to operate. On top of that, it is safe, scalable, and inexpensive. The remote storage of the Wasabi system also helps to prevent natural disasters, and Baba reiterates that it is a system that is easily understood by management.

Want a PDF of this case study?

Download the PDF