The only thing better is if you have a SPECIFIC need or troubleshooting and you need world class experts to follow you in a thread, then you need Experts-Exchange. Just as an idea, I have 600 questions in EE (there is a $9.99 subscription), but there is tons of information on it. And, if your problem is fixable, they will fix it. And, start in about 20 minutes or less.
How long of a backup history should you keep?
My backups go back three years, but that is due to a weekly backup to a 3TB drive using SIS. I just take the drive home after a year and rotate them.
My normal backups of the server go back six months. Sure, you really want the file from yesterday, and you wouldn't restore from six months ago, but it is nice to be able to go back and get a file from a long time ago. Say you made a spreadsheet which took you hours to do. Then, you stopped using it. One day, you just delete it. Three months later you need it. You have it in your normal, daily backup. And, you definitely have it from two years ago. Storage is CHEAP. But, this doesn't answer your question.
Since ransomware slowly corrupts files before we know it is there, how long is enough to go back and get unencrypted files? How long between infection and detection? Imported Items?
First, let's look at database backups and your OS backup, etc. While it's nice to be able to do a bare-metal backup (just go with it for now -- I know bare metal isn't perfect, but it will save your [censored]), and have your entire server back to square one, you really don't need the OS backup as it can be installed again with the data restored separately. This is why it is nice to partition your server or have actual different drives. This is why it is nice to back up everything, but also back up just the data. But, if you used a backup from two weeks ago, you could handle the hit to the OS, but you would lose hundreds of patient encounters and files and labs and II in that time. Not to mention your billing. Information like an AC backup or a Medware backup is meant to be used in one chunk. Like I don't keep many more than five AC backups, because that is too much data to lose. I depend on my full backup.
So, how far to go back? You want to go back pretty far for your full backups, but only two or three days is important for billing, and AC, etc. II is a little different, because if you have a backup two weeks old, and it has pristine II, that will be about 98% of your II.
So, the way I look at it is:
1. I want to get back up and running quickly: Full image backups with bare metal CDs to boot from. These go way back.
2. Crucial database information that would cause me to go out of business:
-- AC
-- II
-- Billing
I want good backups from one to two days before.
While AC could be backed up online, if you back it up locally, you want to back it up every evening to an external drive. A drive letter is bad. But, just make sure you disconnect it. Ransomware hasn't evolved enough to jump through the air and attack it. If you have two USB drives, unplug one. If you get home and forget, remote in and disable the driver. But, I would guess if you had all of AC from that day and all of your billing and scheduling, you would survive.
Now on the infection/detection. Ransomware can encrypt your files in under a minute. Sometimes longer, but usually never longer than a day. Once it starts, you likely can't stop it. But, the actual infection happens sooner. It generally gets on your machine, makes some registry keys and hides somewhere like a user profile. But, the trigger is generally something like a restart or logon. It doesn't take long. It won't be days to weeks. The hacker wants your money and doesn't want your A/V to pick up the file. Eventually, the A/V companies make definitions for these.
Two things you can do. Educate like crazy. Also, they are starting to make ransomware detection software with the A/V suites. They are known as zero-day detection. They aren't looking for DNA or signatures, because the malware may have been made today. They are looking for a small program that is doing things that don't appear right. Such as making random registry keys. Or even if they start randomly encrypting five Word documents in a row. You can Google these. I have one from MBAM and one from HitmanPro.Alert.
But, mainly back up AC and your billing and anything else mission critical to an external drive and disconnect it. You can also back these up online. I can't say for sure that even online backups are safe. The AC backup is done via incremental. Really nice ones would be ones that back up Backup1, then Backup2, etc. so that Backup1 isn't exposed to the public.
Authenticating VMs on v9.1
Good question. We have been told some of what the new install looks for. I am going to say it is the same. A virtual machine is basically a completely new machine, although it does use the hardware of the computer. However, I believe it is more registry based or something about the VM. If the computer never had SQL, then it likely won't install without authentication. VM would just as easily. That is my understanding.
Veeam or other:
I am all about spending money. You would have to spend at least $1,450 to back up SQL. Around $2400 for the whole deal. It is a good way to go. But, there are other backup programs like Macrium and BackupAssist that are much cheaper. But, think about it.
Sandboxie:
Never heard of it. Googled it. It looks like a VM that just fits on the drive. There is also software called Currentware that allows your staff to use only the sites you choose. Inexpensive, bulletproof and the best support ever.
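
The behavior-based detection idea mentioned in the post above (flagging a program that encrypts five Word documents in a row) can be sketched as follows. This is an added example, not part of the original post and not how MBAM or HitmanPro.Alert work internally; the process names, file names and write events are constructed, and a real product uses many more signals.

```python
import hashlib
import math
import os
from collections import Counter, defaultdict

# Leading bytes expected for common office formats (ZIP, OLE2, PDF).
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",
    ".pdf": b"%PDF",
}

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name, data, min_entropy=7.0):
    """True when a known document type lost its header and reads as random bytes."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return False
    return not data.startswith(magic) and entropy(data) >= min_entropy

def flag_processes(events, threshold=5):
    """events: (process, filename, bytes_written) tuples in time order.
    Returns processes that wrote `threshold` encrypted-looking documents in a row."""
    streak = defaultdict(int)
    flagged = []
    for proc, name, data in events:
        if os.path.splitext(name)[1].lower() not in MAGIC:
            continue  # not a tracked document type; streak is left unchanged
        streak[proc] = streak[proc] + 1 if looks_encrypted(name, data) else 0
        if streak[proc] == threshold and proc not in flagged:
            flagged.append(proc)
    return flagged

# Constructed sample data: deterministic random-looking bytes stand in for ciphertext.
RANDOM_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
GOOD_DOCX = b"PK\x03\x04" + RANDOM_LIKE  # intact ZIP header, compressed body
SAMPLE_EVENTS = (
    [("winword.exe", "notes.docx", GOOD_DOCX)]
    + [("proc_a.exe", f"chart{i}.docx", RANDOM_LIKE) for i in range(4)]
    + [("proc_a.exe", "plan.docx", GOOD_DOCX)]  # a normal write resets the streak
    + [("proc_b.exe", f"visit{i}.docx", RANDOM_LIKE) for i in range(5)]
)

if __name__ == "__main__":
    print(flag_processes(SAMPLE_EVENTS))
```

The header check matters more than the entropy check here, because intact .docx files are already compressed and have high entropy on their own.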