COVID19 Business readiness kit

At the start of 2020 Telehealth wasn’t really a thing. We saw practises still maintaining paper records as their primary source of data. For obvious reasons, the burden on the health system (including mental health) exponentially increased this year, and a digital transformation had to happen at a rapid pace to support Telehealth.

2019 saw the introduction of ‘My Health Record’ in Australia, and the ability for patient data to be universally available across hospitals and any registered practitioners. Through personal experience of this blogger, previously, moving my records from one GP to another involved the existing doctor saying they’d put a CD in the post to my new GP. No, thank you. I’ll pick that unencrypted CD and deliver it myself up if that’s the only option.

In the last month, the Australian Cyber Security Centre has issued an advisory about sustained targeting of the health care industry, specifically aged care and hospitals. The FBI has also issued the same warning in the US.

Why Now?

We can only hypothesise, but ultimately cyber criminals are business people. When the world has a heightened reliance on an industry as we do now, data accessibility becomes a priority. Imagine the chaos of a full hospital being crippled by ransomware. Unable to access patient records. Doctors and nurses having no idea what time the last medication was administered. The consequences of new patients who are unable to communicate having allergies to certain medications.

We’ve seen in recent history hospitals simply paying the ransomware to get their data back. They believe it’s a faster resolution and the best response for patient care.

The use of technology is new for many practitioners, and the scale and pace that it’s been deployed means that training and best practices aren’t always developed. Technology is only as good as the people that are trained to use it. This is what leaves not just healthcare organisations, but any business at risk.

COVID19 Business readiness kit

There is an alternative

Your business continuity strategy, regardless of what industry you’re in, needs to include data protection and disaster recovery.

Questions you need to ask:

  • How long could your business survive without any technology access?
  • What’s the financial impact of no systems for an hour, a day, a week, or longer?
  • What’s the public perception if your data becomes compromised?
  • How much data can you ‘afford to lose’?

Your business continuity strategy should encompass an agreement with your Managed Service Provider about how quickly your infrastructure needs to be up and running, and what accessibility levels are required in the event of a disaster. A disaster is not only defined as a natural event these days, it extends to cyber.

Make sure that your business is prepared for any eventuality. Build staff training, and disaster recovery strategies into your business continuity plan.

Don’t know where to start with your business continuity plan? Give us a call or drop us an email.

Sources