Could your hospital cope if a cyber security breach meant a loss of all IT services? The Bahrain Defence Force (BDF) Hospital found out first-hand recently when it suffered an outage lasting four days, reportedly caused by a cyberattack.
The incident highlighted the vulnerability of hospitals globally to attacks on their IT facilities. Such outages can have both an immediate impact on patients and longer-lasting consequences for management teams in terms of business continuity and disaster recovery.
Hospitals in the United States appear especially vulnerable. Over the last two years a large number of US health facilities have reported ransomware attacks, many of them successful for the attackers.
Regrettably, healthcare institutions are a perfect target for cyber criminals. They store large quantities of confidential and sensitive patient information and medical research which, if made public, could have devastating effects. To avoid this risk of exposure, the targeted healthcare facility may well end up paying the ransom demanded.
Reliance on IT has increased dramatically in recent years as healthcare institutions have moved away from paper-based patient records, with clinical records and images now entered directly into IT systems.
In our own business we have seen that just 20 years ago only medical lab information was considered sufficiently critical to need a recovery window of 24 hours. Eight years ago that window had shrunk to six hours and included the patient management system, radiography and patient records.
Business Continuity Research Results
Business Impact Analyses (BIA) conducted by Standby show that hospitals are now so reliant on IT and the services it provides that the wellbeing of patients is at stake.
For example, in 2016, Standby provided a report to a major New Zealand DHB on its reliance on IT, the results of which were shocking.
Of the 32 departments analysed:
· 38 percent said IT was ‘critical’ to their operation
· 28 percent said it was ‘very important’
· 12 percent said they could not tolerate any outage
· 66 percent said they could not manage with an outage of more than 8 hours
· 61 percent indicated a zero tolerance of any loss of data.
This demonstrates the high degree to which hospitals are now reliant on IT. It also clearly shows that specific measures need to be taken to prevent IT outages, so critical data is not lost or compromised.
How We Analyse Process
Standby’s process for gathering information of this type is detailed and extensive. It involves talking to the frontline staff who rely on IT and understanding their views on its importance, rather than relying on the IT personnel’s perspective. Our team then reports back to the IT group on whether their systems meet the hospital’s needs.
As part of this BIA process, Standby asks specific questions that highlight vulnerability to malicious cyberattacks. We check whether personnel are storing data correctly or undertaking activities that could open a window to cyberattack. Detecting such dangerous activity is critical to the protection of any organization, particularly hospitals.
Investing in a Standby Business Impact Analysis could protect you from a major IT outage, preventing harm to your patients and your organization. There is no better time to take action than today.
Find out more before disaster hits by emailing Standby at email@example.com