In healthcare, ransomware is not only a cybersecurity threat. It is an availability threat with operational consequences that can affect patient care.
For healthcare organizations, the impact of a cyberattack is measured not just in downtime or recovery cost, but in delayed decisions, interrupted workflows and reduced access to critical information. That makes data protection central to operational resilience, particularly for insurers and providers managing large volumes of sensitive member and patient data.
This was the challenge facing a leading health insurer serving four million members across North Carolina. Its environment relied on legacy backup infrastructure built for a different era, at a time when ransomware tactics had become more sophisticated and increasingly focused on disrupting access to data rather than simply stealing it.
The wider healthcare sector reflects the scale of the problem. According to the Sophos State of Ransomware in Healthcare 2025 report, the average recovery cost for healthcare ransomware incidents exceeds $2 million. At the same time, the HIPAA Journal reported that 259 million Americans had protected health information compromised in 2024, underlining how aggressively attackers continue to target healthcare organizations. Sophos also found that data extortion attacks had risen sharply, while the proportion of healthcare organizations successfully using backups for recovery had fallen significantly.
For organizations responsible for health-related operations at scale, these are not abstract statistics. They point to a growing gap between modern ransomware tactics and older backup approaches.
Why legacy backup models increase healthcare risk
In healthcare, backup and recovery are closely tied to continuity. When systems become unavailable, the effects can be felt across claims processing, care coordination, treatment planning and member services. That is why legacy backup models have become increasingly difficult to justify in a ransomware-heavy threat environment.
For this insurer, the issue was not simply that its infrastructure was aging. It was that key parts of the backup environment were fragmented, manual and slow to recover. The organization was managing 220,000 legacy backup tapes across multiple disconnected systems. Physical media increased complexity, created recovery delays and left gaps in protection at a time when ransomware actors were specifically adapting to target backup environments.
Testing also raised concerns about whether critical systems could be restored quickly and reliably under attack conditions. The business needed a more modern data protection model that could reduce risk, improve visibility and support recovery at the speed the organization required.
How the data protection model changed
The transformation focused on replacing legacy tape-based infrastructure, unifying protection across environments and improving recovery readiness. To support this, the insurer partnered with HCLTech to modernize its backup architecture, simplify operations and build a more resilient data protection foundation.
- Moving away from tape-based infrastructure
A central part of the transformation was the move away from tape. The organization replaced its legacy tape-based setup with a more integrated architecture spanning on-premises and cloud environments, removing a major source of complexity and delay.
This shift helped reduce the vulnerabilities associated with physical media and created a more continuous model of protection. Backups became more automated, more consistent and easier to manage across the environment.
- Creating a unified protection platform
The transformation also introduced a more unified platform for backup and archiving across databases, virtual environments, storage systems and operating environments. Rather than relying on multiple fragmented tools, the organization moved to a single platform designed to give operations teams better visibility and more consistent control.
That included broader insight into where data resided, how it was being protected and where redundant or sensitive information needed to be managed more carefully. A more centralized view made it easier to apply governance consistently across the data estate.
- Improving recovery readiness
Recovery capability became a much more explicit part of the operating model. Backup windows were reduced by 50%, helping narrow the periods in which incomplete or delayed backup activity could create additional exposure.
Recovery processes were also tested more rigorously, with restore options available at different levels depending on operational urgency. The organization achieved 100% backup success rates, strengthening confidence that protected data could be restored when required and reducing the risk of gaps in recoverability.
- Strengthening resilience while reducing cost
The move to a fully tapeless system also supported broader resilience and cost goals. Data and applications could be replicated from on-premises environments to AWS, creating a stronger hybrid protection model and removing the operational overhead associated with managing physical media.
Retiring 220,000 tapes reduced both complexity and cost, contributing to an 80% reduction in data protection-related costs. It also enabled the organization to move long-term retention workloads into the cloud, supporting compliance requirements without the burden of maintaining legacy infrastructure.
Why data protection now plays a direct role in care continuity
In healthcare, the effectiveness of data protection is measured less by whether backups exist than by whether systems can recover quickly and reliably when they are needed. That is especially true in a ransomware environment where attackers increasingly try to undermine the recovery process itself.
For this insurer, modernizing the backup environment helped shift data protection from a fragmented, reactive model to one better aligned with operational resilience. The result was not only stronger protection against ransomware, but a more reliable foundation for the data availability that healthcare operations depend on every day.
The underlying infrastructure may sit in the background, but its role is increasingly central. When care-related systems rely on continuous access to trusted data, backup and recovery become part of how healthcare organizations protect service continuity as much as how they protect information.





