Healthcare and public administration rely on IT infrastructures that must protect the most sensitive personal data while operating without interruption. The lecture summarized what is considered good practice today—from backups following the 3-2-1-1 rule to hybrid and sovereign cloud. It also covers the risks, especially ransomware, and the steps to address them realistically.
Best practices: availability, backups, security, and compliance
Cloud does not mean only large global providers; in practice it is about connecting your own data centers with the public cloud through unified management. Such a hybrid approach allows you to move data where it makes sense—keeping critical data on‑premises while flexibly leveraging cloud capacity. The goal is a scalable and resilient architecture with consistent governance, not an “either-or” choice.
Without backups and disaster recovery, any architecture exists only on paper. The industry standard is the 3-2-1-1 strategy: three copies of data on two different media, one copy offsite, and one immutable that cannot be overwritten. Equally important are regular recovery tests, because the purpose of backup is to restore operations in a real and controlled way. And finally, security measures and ongoing compliance with evolving data protection rules must be automated and verifiable.
Trends and threats: sovereign cloud, AI, and defense against ransomware
Worthy of attention is the sovereign cloud, which enables the use of the public cloud in a way that ensures data do not leave the country’s borders. This is achieved by deploying the same cloud architecture in local data centers without external connectivity. Artificial intelligence also has potential for routine, list-driven decisions, where it can accelerate services for patients and citizens. Automated data-sharing mechanisms and a digital identity ecosystem are also important, so that only an authorized person can access the data.
The biggest obstacle to progress remains ransomware, which also targets healthcare and public administration. According to data from the lecture, 41 % of organizations experienced an attack in the last two years, and damages in the first half of 2023 climbed to 265 billion dollars, with both sectors among the five most frequent targets. Defense rests on regular system updates, strong firewalls and intrusion detection, reliable backups, and employee training against phishing. Unified standards across all endpoints are essential; otherwise, the weakest point will remain open to attackers.
