Blockchain tech company ShelterZoom has a Spare Tire offering that is a zero-downtime continuity layer it says will keep hospital clinical operations running during an active attack.
It says this is a far better way to deal with ransomware attacks than a recovery-first model and wants US hospitals to adopt its approach instead of adopting a 72-hour window to restore systems after a cyberattack. This restoration window was proposed by the the USA’s HHS Office for Civil Rights (OCR) in late 2024. It issued a Notice of Proposed Rulemaking (NPRM) to strengthen the HIPAA Security Rule in this way. Affected health institutions would have to restore certain critical electronic information systems and data within 72 hours of a loss of functionality from ransomware, outage, cyber incidents or a system outage.
Chao Cheg-Shorland is a co-founder and CEO of ShelterZoom, and says: “The 72-hour restoration mandate assumes hospitals will go down. That assumption is the problem. We have the technology to keep critical systems running through an attack, not recover from one. If we’re serious about protecting patients, we need to stop optimizing for downtime and start eliminating it.”
ShelterZoom was founded in 2017 in New York City by Cheng-Shorland and President Allen (Amir) Alishahi, and produced software for real estate transactions using blockchain technology for transparent, paperless buying, selling, and renting. It expanded into general documentation certification with blockchain-based document tokenization to give users control over digital files, contracts, and content. The company now focusses on cyber-security in the healthcare, legal, finance, and government market sectors. Spare Tire was set up as a subsidiary in 2025.
How does SpareTire keep hospitals operating during a cyber attack? it runs as an independent external SaaS facility that continuously, or near-continuously, mirrors critical patient data and clinical workflows from the primary Electronic Health Record (EHR) system. When a cyber-attack hits a hospital, the admin staff can activate SpareTire and access it via the web or smart phone. They look at and update patient records, documenting care, ordering labs/medications, and performing clinical workflows, as normal.
Once the primary EHR is restored and cleaned, all data and documentation created in Spare Tire during the downtime automatically synchronizes back.
Spare Tire uses ShelterZoom document tokenization to protect its data and ensure auditability.
The blockchain aspect provides a time-based record of EHR document content changes. When an EHR record is created/uploaded Spare Tire generates a document token, a unique digital representation. This is cryptographically hashed and, along with metadata like permissions, timestamps, and originator details, anchored to a blockchain ledger.
All record actions are logged immutably on the blockchain for auditability and compliance (e.g., GDPR, HIPAA, FINRA). So we have an immutable and continually updated record that is not a backup, nor a snapshot.
ShelterZoom says its Spare Tire tech keeps operations running during an active attack and health systems stay functional through ransomware, infrastructure failure, or network compromise. Read more about its product lines here.
Hospitals considering it may also evaluate HPE’s Zerto continuous data protection scheme .
