Readers Write: The New Reality of Ransomware: Why Your Epic Environment Needs an Isolated Recovery Plan

The New Reality of Ransomware: Why Your Epic Environment Needs an Isolated Recovery Plan
By Bill Smith

Bill Smith is director of Epic practice at Cordea Consulting.

In early 2024, one of the nation’s largest healthcare payment and revenue cycle platforms was hit by one of the most disruptive cyberattacks in US healthcare history. For weeks, the industry watched as claims processing, pharmacy operations, and revenue cycle management were paralyzed. Providers couldn’t get paid. Patients couldn’t fill prescriptions. Some health systems resorted to writing down billing info on sticky notes while scrambling to find workarounds.

This attack was a wake-up call, not just for rev cycle teams, but for every CIO, CISO, and CTO who is responsible for keeping clinical systems online. If ransomware can take down a national clearinghouse for weeks, what could it do to your Epic environment?

“We Have DR,” They Said. “It’ll Be Fine,” They Said.

In 2024, over 180 confirmed ransomware attacks targeted healthcare providers, compromising more than 25 million records. Backups are encrypted. Disaster recovery (DR) plans fall apart. IT teams scramble for answers. The clock ticks, and patient care suffers. Hospitals and health systems limp through outages for weeks, rebuilding from scratch. We’ve seen it happen too many times.

For healthcare IT leaders, the stakes are higher than ever. When an attack disrupts access to Epic on prem, clinicians lose access to patient records, and operations grind to a halt. The organization also loses patient trust and revenue  to the tune of $1.9 million for every day of downtime, on average.

The truth is, traditional DR wasn’t built for ransomware, and it can’t guarantee Epic will come back online quickly or at all. It was designed for hardware failures, natural disasters, and short-term interruptions, not for sophisticated cyberattacks that can quietly compromise your environment, your production systems and backups, over weeks or months before detonating.

We’re long past the point where traditional backup and DR strategies are sufficient. This isn’t about fear, it’s about preparation. The rules of disaster recovery have changed, and the most resilient healthcare organizations are already adapting by setting up isolated recovery environments (IREs) that can keep them running when everything else grinds to a halt.

Enter the Isolated Recovery Environment

Think of an IRE as an Epic safety vault, completely separated from the turmoil outside. It’s encrypted, dormant until you need it, and updated in near real time with mirrored Epic data. When activated, it gives your organization rapid access to Epic Hyperspace via a public URL to enable basic electronic documentation. With standalone deployments of Interconnect and managed services like Kuiper all segregated in the IRE, this version of Epic is protected from the attack.

An IRE isn’t just another backup system. It’s a fully functional, secure replica of your Epic environment that’s cut off from production and the broader network, purpose-built to remain untouched during a ransomware attack. When (not if) ransomware hits, you can keep delivering patient care, even when your production environment is down.

Why AWS: The Business Case Beyond IT

Many organizations are turning to AWS as the platform of choice for Epic IRE, and with good reason. This isn’t just an infrastructure upgrade, it’s a strategic investment in business continuity and patient safety. For Epic on-prem systems, here’s how an IRE on AWS changes the game:

• Rapid recovery. Switch over to a functional Epic environment in minutes, not days.
• Real-time access to Epic. Clinicians retain access to schedules, notes, and secure chat, even mid-incident.
• Immutable data protection. Advanced network isolation capabilities with air-gapped, encrypted backups shielded from tampering or deletion.
• Operational continuity. Maintain patient care workflows and reduce revenue loss.
• Limited read/write access. Secure logging of patient data even during an attack
• Lower risk profile. A stronger recovery plan can lead to lower cyber insurance premiums.

You also get a cloud-native architecture that scales without breaking your budget, along with AWS’ unmatched security and compliance (146+ HIPAA-eligible services and HITRUST CSF-certified environments). Pay-as-you-go pricing minimizes upfront costs, and deployment is fast (you can go from zero to IRE in as little as 10 weeks)

An IRE on AWS doesn’t just protect data. It safeguards continuity of care. It provides your team with confidence and a sense of stability during a period of chaos when peace of mind is hard to find.

If your recovery strategy still relies on assumptions that backups will be accessible and that downtime will be minimal, it’s time to rethink that strategy. IREs aren’t the future, they’re what forward-thinking healthcare organizations are implementing right now because they’re tired of rolling the dice.

If ransomware’s coming for you (and it is), meet it with a tested, isolated copy of Epic in a fortified cloud bunker. An Epic IRE on AWS offers a proven, practical way to build ransomware resilience into your core IT operations. Because in today’s threat landscape, continuity isn’t just about recovering systems, it’s about preserving trust, safety, and care delivery under pressure.