
Does Your Facility Have a Functional Disaster Recovery Plan?


There is one outstanding issue that deserves special attention: the recovery of information technology (IT) following a disaster.

What Is A Disaster Recovery Plan?

A Disaster Recovery Plan (DRP) outlines how your organization aims to bounce back from a major disruption like a cyberattack. Disaster recovery is closely connected to continuity and data backup. While Business Continuity Plans take into account all business assets and deal with the resumption of core operational functionality after a disaster, a DRP focuses exclusively on recovery of IT assets, such as computer systems, data, and IT infrastructure. A DRP is broader than a backup strategy, since it deals with recovery of all of your IT assets, not simply the data.

Why Invest In A Disaster Recovery Plan?

According to a recent report, nearly 54% of healthcare organizations do not have a proper response plan to a cyberattack, and one out of five say they will improvise their recovery efforts.

This is a recipe for disaster. Hospitals need a DRP to prevent chaos when a cyberattack affects their IT assets. For CEOs and administrators, implementing a DRP will help your organization:

Minimize Downtime and Data Loss — A recent industry report found that 71% of companies and 79% of mid-sized firms have to deal with at least one outage per year, leading 27% of businesses to lose revenue and 8% to lose data. By detailing the steps hospitals and clinics need to follow to recover IT processes, the DRP helps you keep downtime and data loss to a minimum.

Minimize Reputational Damage

Retain Your Client Base

Qualify for Cyber Insurance and Lower Premiums — Many cyber-insurance firms require a DRP, while other providers simply increase premiums for businesses without a plan.

Achieve Compliance — A DRP makes it a lot easier for facilities to comply with HIPAA and state regulations.

What Should Your DRP Have In It?

While continuity and disaster recovery are combined in the same document, we advise that you develop separate plans for each so you don’t end up with an exceedingly long document. Essential elements of a DRP are:

A list of critical IT functions, processes, and a diagram of the entire facility’s network.

A complete inventory of the IT assets needed for critical functions and processes. These assets include:

IT Infrastructure Elements – e.g., routers, cable, and wires.

Hardware and Accessories – e.g., servers, desktop computers, laptops, COWs, mobile devices, keyboards, mouse devices, headsets, phones.

Software – e.g., operating systems and applications, EHR platforms, and all cloud-based solutions being used in your facility.

Data – including shared data, end user data, software-related data and metadata (see the section on backups for more information on metadata).

Authentication Tools – e.g., passwords, PIN codes, and certificates.

Backup Solutions – tapes, hard disk, and cloud-based solutions (again, see the section on backups for more information).

An impact assessment of the interruption of specific IT functions on your organization:

Recovery Time Objective — How soon do your IT processes need to be restored to prevent adverse effects in operations?

Recovery Point Objective — How frequently do data backups need to be taken, given that data changes occurring between the latest backup and an incident cannot be recovered?

Maximum Tolerable Period of Disruption — How long can operations manage without IT processes in case recovery does not go as planned?

Common IT impact scenarios include loss of:

Workspace

Electricity (power outage)

Network connectivity, such as internet outages or local network issues.

Heating or cooling systems

Data, including data loss, loss of data integrity (corruption of the data), and loss of data availability, which could result from a ransom attack or from software, hardware, or cloud failures.

Online services provided by your facility, such as websites

Cloud services

Hardware

Software

Electronic communications, such as email, telecommunication, online collaboration tools, voice, and video chat services

Authentication tools and services

Backup solutions (local or cloud-based)

Other IT infrastructure elements

A few things to consider with your disaster recovery plan:

Keep it concise and readable, while including explicit instructions for recovering essential processes.

Involve an expert: You can always outsource your DRP. (Ask us for help!)

Get a solid template and customize it.