Is Your Hospital Vulnerable to Cyberattack?

Could your hospital cope if a cyber security breach meant a loss of all IT services? The Bahrain Defence Force (BDF) Hospital found out first-hand recently when it suffered an outage lasting four days, reportedly caused by a cyberattack.

Cyberattack Hospital.jpg

The incident highlighted the vulnerability of hospitals globally to attacks on their IT facilities. Such outages can have both an immediate impact on patients and longer-lasting consequences for management teams in terms of business continuity and disaster recovery.

Hospitals in the United States appear especially vulnerable. Over the last two years a large number of US health facilities have reported ransomware attacks, many of them successful for the attackers. 

Regrettably, healthcare institutions are a perfect target for cyber criminals. They store large quantities of confidential and sensitive patient information and medical research which, if made public, could have devastating effects. To avoid this risk of exposure, the targeted health care facility may well end up paying the ransom demanded.

Reliance on IT has increased dramatically in recent years as healthcare institutions have moved away from paper-based patient records, with clinical records and images now entered directly into IT systems. 

In our own business we have seen that just 20 years ago only medical lab information was considered sufficiently critical to need a recovery window of 24 hours. Eight years ago that window had shrunk to six hours and included the patient management system, radiography and patient records.

Business Continuity Research Results

Business Impact Analyses (BIA) conducted by Standby show that hospitals are now highly reliant on IT and the services it provides to such an extent that the wellbeing of patients is at stake. 

For example, in 2016, Standby provided a report to a major New Zealand DHB on the reliance of IT, the results of which were shocking.

Of the 32 departments analysed:

  • 38 percent said IT was ‘critical’ to their operation

  • 28 percent said it was ‘very important’

  • 12 percent said they could not tolerate any outage

  • 66 percent said they could not manage with an outage of more than 8 hours

  • ·61 percent indicated a zero tolerance of any loss of data.  

This demonstrates the high degree to which hospitals are now reliant on IT. It also clearly shows that specific measures need to be taken to prevent IT outages, so critical data is not lost or compromised.

How We Analyse Process

Standby’s process to gather information of this type is detailed and extensive. It involves talking to those on the frontline of reliance on IT and understanding their views on its importance rather than relying on the IT personnel’s perspective. Our team then reports back to the IT group on whether their systems meet the hospital’s needs. 

As part of this BIA process, Standby asks specific questions that highlight vulnerability to malicious cyberattacks. We check whether personnel are storing data correctly or undertaking activities that could open a window to cyberattack. Detecting such dangerous activity is critical to the protection of any organization, particularly hospitals.

Investing in a Standby Business Impact Analysis could protect you from a major IT outage, preventing harm to your patients and your organization and there is no better time to take action than today.

Find out more before disaster hits by emailing Standby at info@standbyconsulting.com

Sam Mulholland

Related Articles:-

Hospitals only spend 5% of its budget for Cybersecurity amidst 82% of them reporting to have been attacked

Health care’s huge cybersecurity problem

Hardin Memorial (USA) recovering from Cyberattack

Belgium’s Largest Hospital Fights Cyberattacks with AI

 

Exciting New Partnership Announced

Standby are delighted to announce a partnership with INONI. INONI is a Business Continuity Management (BCM) product developed in the UK by leading BCM consultants. The product offers a quick and extremely cost effective way of implementing a large BCM program across multiple sites and the different features within the cloud based software also allow you to streamline and integrate your Risk, Business Continuity and IT Disaster Recovery (DR) Management programmes all within one easy to use setup. We are extremely happy to now be able to offer such a product to our clients and partners in the Middle East.

If you would like to discuss this product or any other BCM or IT DR issues further then please feel free to get in contact at any point. 

Inoni and Standby For Your Business Continuity 2MB.jpg






Standby Celebrates 20 years in Operation

As Standby celebrates its 20th year of operation I felt it was a good time to reflect a little on our company history.  Standby was established in 1996 in response to an approach from IBM New Zealand to partner with them and establish a Business Continuity Recovery Service (BCRS) centre in the South Island of New Zealand.  Following a successful first project working for Wickliffe Press, IBM and Standby established a very successful long term partnership, working closely together to provide BCRS services and as well as Business Continuity Consultancy service throughout New Zealand and later in Australia and Fiji for clients such as New Zealand Dairy Foods Takanini, Auckland; Honda New Zealand; Schering-Plough Animal Health and Sealord one of New Zealand and Australia’s largest seafood companies.

Alongside the work completed in conjunction IBM, Standby, also carried out numerous consultancy projects under its own company name.  Some of the most memorable of these projects have been Mainland Products and Tower Australia & N.Z.; Waikato District Health Board and Massey University.

In 2007 Standby were proud to be approached by a Fortune 100 company based in the Kingdom of Bahrain to enhance and implement their IT Disaster Recovery solutions for the Middle East. Developing this project into a long term relationship allowed standby to lay foundations in Bahrain and establish a permanent office for its Middle East activities. From our Bahrain base, Standby has carried out many interesting new projects all over the GCC, in numerous different industry sectors such as banking and finance, insurance, construction, manufacturing and also education.

It was not long until Standby were also recruited to carry out Data Centre builds as well as IT consultancy, which due to my background in the IT sector and previously having built and managed data Centres for over 20 years it’s always one of my favourite areas of what we do. I am proud to say Standby has now successfully carried out over 10 data centre builds and 40 risk assessments throughout New Zealand and the GCC.

Twenty years is a significant time for any company to be in operation. During this 20 years Standby has built up a wide and extensive knowledge within the Business Continuity Management sector and put together an excellent team with an extensive knowledge of different industry sectors as well as in-depth expertise in Business Continuity Project Management and data center builds. Without the professionalism and high standards of our great staff, Standby would not have been able to develop its highly regarded knowledge and experience, or its enviable client base. They have taken on board my personal approach, where we deliver excellent bespoke reports, plans or data centers that meet the clients’ requirements.

 So as we move past our 20 years of operation I wish to thank our clients, supporting organizations and our Standby personnel and contractors who all work so hard to deliver above and beyond what is expected of them. 

Sam Mulholland  - Founder and Managing Director.  

Data Center Risk Assessment Can Save Thousands of Dollars

One of the most important lessons I learnt when managing data centres for Databanks Systems throughout New Zealand was the importance of carrying out risk assessments.  As a team of managers, we soon learnt that it is better to identify a risk and deal with it as early as possible, rather than let it remain and be the potential cause of a disaster. 

Individually risks may not present too much of a problem, but when combined with numerous other risk factors or events they can very quickly become a major issue.  It has become apparent to me throughout my career as a data centre manager and especially now as Senior BCP consultant that significant disasters are more often than not caused by a series of manageable events, that when combined create a “disaster”. A good example of this was during the recent flooding in my home town of Dunedin. 

The Event:

• In June 2015, there was the heaviest rain fall in 91 years
• Many streams and gullies feed into the South Dunedin basin from the hill suburbs
• Water flowed into a low lying area – less than 1 metre above sea level and started to pond
• Heavy flooding caused major problems such as road closures, power failures and the evacuation of a rest-home.

Other contributing factors

• The storm water infrastructure was already under stress from the usual winter rainfall it was designed to deal with
• Added to this was the fact that many of the drainage mud traps were full of mud and debris
• The screens in the pumping station designed to clear the water away filled with debris and could not clear the water
• The sea level in the area was above normal and so the natural drainage was not as fast as it could be
• Many of the houses in the area are now built on concrete slabs, which are only a few centimetres above ground level. 
• There was an increased run off of water from the surrounding hill suburbs.
• In the area of South Dunedin there has been an intensification of housing creating more roofs, drives and hard surfaces for the water to run off

Hindsight is a wonderful thing, but this scenario looks as if it were a flooding disaster just waiting to happen and unfortunately these types of floods will likely happen more often with the added effects of climate change and other extreme weather events.

What happened in South Dunedin, was of particular interest to me as the data centre I used to manage was very close to the area that was flooded.  This is the second time in my life that I have had a data centre nearly flooded.  The first was in 1984 flooding of Invercargill city.

As a Manager of high importance data centres, I learnt very quickly the importance of carrying out very regular risk assessments.  For matters such as flooding, we would check the local mud traps and drains to see if they were clear, check the roof to see if there was any debris in the roof gutters and drains.  Check to see if the gutters became full of water or whether the water could flow back into the building.  All of these risks we felt important to the maintenance of the data centre were often not typical major risks you would associate with the upkeep of a technology.  However, it was through knowledge sharing and outside review that we came to realise the importance of these ‘outside’ risks.

Flooding events are not only caused by rain and rivers but also caused in buildings through broken pipes, over flowing hand basins and toilets. 

Water presents a major risk to data centres. 

Sam Mulholland - Managing Director

In carrying out our Risk Assessments, Standby Consulting uses a comprehensive check list that has been developed through many years of research, knowledge sharing and experience. These risk assessments are adapted to suit the regions we work in and modified to suit the client.

For more detail download pdf  http://www.standbyconsulting.com/documents/Data_Centre_Risk_assessment.pdf

Need more information?
For New Zealand, contact Janet Jones on +64 021 271 9467 or +64 03 4434914 janet@standbyconsulting.com
For Middle East, contact Tom Ham on +973 13673555 (office) or +973 3918 7293 tom@standbyconsulting.com

Disaster Recovery Plans for Otago & Southland

Following the Christchurch earthquakes, New Zealand insurance companies have been asking companies and organisations “where is your disaster recovery, business continuity or crisis management plan”.  Many organisations think that insurance is their recovery plan, but that is not the case.  All that insurance does is provide a source of financial support.  Ask the businesses in Christchurch how effective insurance was in getting their backup tapes and other critical data from the red zone.  No effect at all!

Standby Consulting is a Dunedin based company and we have consultants based in Dunedin and Central Otago.  Our consultants are internationally certified, have worked in New Zealand and overseas and have many years of experience.  Standby can bring a wealth of knowledge and experience to the south of the South Island .  Our plans are modified to suit the size and operation of your business.  Standby are known for our down to earth, practical and pragmatic approach.

We can provide Crisis Management Plans, Business Continuity Plans, Disaster Recovery plans or audit your existing plans.  We can also provide ongoing support contracts, which will maintain your plans and keep them up to date.

So take advantage of the local support and knowledge that is available right here in your province.    Call Janet Jones on 021 271 9467 or contact us at Info@standbyconsulting.com.

I Want to Thank You Sam for the Professionalism of your Company

Those were the words said to me last week by the Chief Information Officer of a major New Zealand University that we are currently working with.  This was a very gratifying comment to receive and it highlights the level of delivery that Standby focuses on and delivers.  That comment not only reflects on me as the Managing Director of Standby, but also on the highly skilled and professional team Standby has used on the job.

Standby has been thrilled to work for this client again as we had carried out an extensive risk review, business impact analysis and DR planning project seven years previously.  The client called us back in to do a complete "refresh" stating that they were very pleased with our previous work and they had worked hard to address the improvements to their business continuity and disaster recovry resilience that Standby had highlighted to them previously.

The client has made significant advances in improving resilience and their capability to deal with a disaster or a major event at one of their campuses.  What was very pleasing to Standby was how they had thought "out of the box" and found solutions that are pushing the limits in dealing with massive data storage and the issues of sending it to a remote location. 

Sam Mulholland

Certified Business Continuity Planner in Central Otago, South Island, New Zealand

Senior Consultant, Janet Osborne (CBCP) is based in Central Otago.  She has worked for Standby for more than 10 years and has completed numerous business continuity projects for clients throughout New Zealand, Australia and in the Middle East.  Janet can assist your business with Risk Assessments (BIA) , Plan development and implementation (BCP), Plan audits etc.  She has vast experience in the areas of education, health, legal, telecommunications and manufacturing.  Please contact us if you would like to make use of Janet’s expertise.

Standby Project Receives ISO27001 Certification in Bahrain

In 2010 and 2011, Standby was contracted by a one of the leading financial organizations in the Kingdom of Bahrain to design and project manage the construction of their new computer centre.   The project included looking at the options available to the client, the capacities, such as cooling, power as well as providing a high security site with disaster recovery options. 

We prepared concept diagrams and fit out schematics for the client to consider and approve.  Standby clearly defined what the final result would be and how it would look.  One of the challenges was that this was a working data centre and all the work had to be carried out whilst the site was manned.  Planning was crucial so that there was no interruption to the client’s services.  

Not only was Standby responsible for the design of the server room but also the office space for operations personnel, management and the network and development personnel.

Features of the new data centre were:-

  • Two hour fire rated walls which were air and water tight

  • High false floor so that there was good cooling to the equipment

  • N+1 design in the cooling and power systems

  • Clean, tidy and well organised cabling and power cable systems are all supported by trays and clear of any possible interruption. There are multiple paths to the various cabinets plus high speed fibre and data cabling.

  • Good access security to the site and server room.

  • Fire detection and suppression systems.

The final result as a data centre that Standby has heard referred to as “the best in Bahrain” by international audit companies. In addition; this financial organization has successfully passed the ISO27001 audit certification process based on the scope of Electronic Information and Information Processing facilities at the Data Centre and Network Operation Centre for Data Storage, Application Processing, Archiving and IT Support.  

"Standby is very proud of the project and final result" says Sam Mulholland the M.D. of Standby, "however we must acknowledge that this was a team effort.  We had a client who was committed to the job and knew the standards they required and supported our recommendations.  We also had an excellent contractor Almoayyed Trading and Contracting, they have shown that they can fit out server rooms to the highest of standards".  

Saeed Nawar, IT Department Head of KFH says "I am very pleased with the final result and I found the team from Standby very good to work with.  They were knowledgeable, listening to our ideas and worked well with the contractors. They were always available to us and were very focused on providing a Server Room that met our requirements". 

 

Left to Right: Zandra Nicholson, Interior Design Consultant, Standby Consulting; Ramesh Teli, Sales Manager, Almoayyed Trading and Contracting; Sam Mulholland, Managing Director, Standby Consulting; Saeed Nawar, CIO KFH; Ali Mohd Al Madi, KFH; Ravichandran R, Assistant Manager, Technical Almoayyed Trading and Contracting; Peter Ashcroft, Project Manager, Ernst & Young