Prepping for a Technology Fail
In this day and age, all our practices are dependent upon digital solutions. If the technology that runs your business should fail, do you have a plan in place to help you recover and continue business operations … quickly and securely? What can you do to embed “security” into the culture of your practice?
The National Institute of Standards and Technology defines credible plans for Technology Failure as having five components:
Identify: What sensitive data do you have? Obviously patient information … who do you share it with and how is it protected? Employee information? Are you protecting healthcare information and the financial info used for direct deposits? Do you have a hardware (computers, monitors, etc.) inventory? Do you also have a software or platform inventory … what if THEY have a security issue?
Protect: You would immediately think of your scheduled backup procedures, but what about employee training/education? Have your applications and platforms been updated to the most recent versions and/or patches?
Detect: Do you have checks and balances in your systems? Data loss prevention software? Let’s look at the relevant questions:
- What happens if malware gets on the computers?
- What if there is a ransomware demand?
- Who would you turn to in these situations?
- Which person on your staff is the Champion of this process?
Respond: It’s important to have plans in place for handling this type of emergency. It’s even more important to have practiced these plans … on a regular basis. This section is called “respond”, NOT “react”.
“No (battle) plan survives first contact with the enemy.” Helmuth von Moltke
Embrace this fact and focus on “lessons learned” to keep you ahead of the ever-changing technology challenges.
Recover: What will it take to move forward in the case of a technology emergency? What is your communication plan? What insurance coverage is needed and is it currently adequate for your particular situation?
This framework may cover the basics, but I would add another component. After all this is in place, you need to bring in an expert to audit your specific situation.
Think of this as a form of risk management. There is no perfect solution, only an ever-evolving “keeping up” that must be handled. Your patients and your employees depend on your vigilance.