Druva Helps DMS Health Recover From Attack In Days and Keep Patient Operations Afloat

DMS Health Technologies is one of the country’s largest providers of mobile imaging equipment and accessories. DMS owns and operates a full line of mobile MRI, CT, Cath Lab, PET/CT, and Nuclear Medicine equipment to meet all their clients’ diagnostic imaging needs.

Joe Sise is the Vice President of IT at DMS Health Technologies and is responsible for the IT and security teams. The DMS environment used Microsoft Azure Cloud Backup for Microsoft Windows and SQL servers.

He recalled that it took two and a half months to figure out why Azure Backup was not backing up their MS SQL server machines. Sise shared, “It felt like Microsoft was not interested in fixing the backup issues for us." Not to mention, the restoration process with Microsoft was cumbersome. The team noticed that when they would restore a server and fire it up, the data would not be for that server. It was almost like the Microsoft tool didn’t know what backups the DMS team had. 

Of course, the team is responsible for more than MS SQL Server data. They also need to protect other vital corporate data, as well as a new Salesforce instance. Mason Schweinsberg is a Systems Administrator who reports to Sise. Among other duties, Schweinsberg is responsible for the day-to-day backup and recovery operations. With Azure Backup, Schweinsberg had to go into each virtual machine to perform a backup.

Sise learned about Druva from a Google search and Gartner research including Peer Insights reviews and the Magic Quadrant. DMS then chose Druva to protect their data as part of the AWS Independent Software Provider (ISV) Workload Migration program. This ensures protection for the extensive MS SQL Server environment and other hybrid workloads like Windows Servers as well as a new Salesforce instance. 

The most recent addition to the Druva investment for DMS is the advanced security features, including Accelerated Ransomware Recovery. These features ensure DMS can recover efficiently and effectively in the event of an attack.

Once the team implemented Druva, Sise reports, “Right out of the gate Druva started backing up our MS SQL the way that we needed. As far as that changing our lives, it made me be able to sleep a bit better at night."

Since Druva is a SaaS platform, the team is able to protect all of their servers and Salesforce instances via a single platform. Schweinsberg said, “It’s so nice to have everything under one roof with Druva, where we can select to restore or back up any and all devices at the push of one button. It’s saving a lot of time compared to going into each individual server."

Sise also reflected that if they couldn’t get to their servers for some reason, it’s a comfort that Druva operates and stores their data outside of their environment. He said, “Because Druva is a SaaS tool and their data is elsewhere, that also makes me sleep better at night." 

Shortly after getting the Druva solution set up, DMS faced a ransomware attack. Sise said that next, “Our backups had been deleted, and the data was no longer available in production.” This meant that somehow, the entire production environment needed to be rebuilt.

Even though Druva had only been in place a few days, it had backed up all the systems. And those backups were not stored in the production environment. Instead, they were stored behind an air gap on the Druva Cloud. According to Sise, “Druva’s air gap capabilities were our saving grace during our cyber-attack incident." 

Sise was very appreciative to have a partner like Druva to work with them through the recovery process. Sise said, “The Druva team was a godsend during our recovery process, there with us through every single step. And that made a very stressful process a little bit better.” He continued, “With Druva, we knew we had somebody behind us backing us up. We weren't just standing alone." He continued, “I shudder if we had still been on Azure, because of the number of help desk tickets we would send to them that they didn't [seem to] really care about."

Sise and the DMS forensics team worked together to perform a sandbox recovery with Druva. They restored the backups from the Druva Cloud to a secure DMS location. Next, the team scanned the data with SentinelOne to be sure that it hadn’t been compromised. Schweinsberg was appreciative that the Druva team was assisting them with the recoveries, especially since they were new to the platform. He shared, “I was impressed that the Druva team opened up a plethora of tools for us to demo and try while we were recovering all of our data.”

Fortunately, a third-party forensics investigation determined that no data that was exfiltrated from the DMS system.

Sise is in the process of building a recovery playbook with Druva as a key vendor partner. They’re planning to use Druva integrations and APIs to share data with other tools used in their environment such as EDR and SIEM tools.

Using the breadth of Druva features allowed the DMS team to perform a 100% data recovery quickly and confidently. The experience led them to see the long-term value in the advanced ransomware protection and recovery features Druva offers.