Business Continuity & Incident Response… Or An Unintended Holiday?


by Stephen Trout

One of the things you notice about “Old Scrooge” (as opposed to the changed one, post-hauntings) is that he just can’t take a holiday:

“But he was a tight-fisted hand at the grindstone, Scrooge! a squeezing, wrenching, grasping, scraping, clutching, covetous, old sinner! Hard and sharp as flint, from which no steel had ever struck out generous fire; secret, and self-contained, and solitary as an oyster.”

And, “It’s enough for a man to understand his own business… mine occupies me constantly.”

The reason, Marley’s ghost tells him, is his invisible chains – forged “link by link and yard by yard” while chasing a golden idol – instead of receiving the true meaning of the season.

But we all know the outcome: Scrooge gets an “unintended holiday” to see where it all leads.

What’s the moral? Getting a glimpse of one’s end beforehand is a good thing; it provides a much-needed wake-up call of sorts.

In a healthcare context, the same holds true. You may believe you’re fine with your security and patient data until you foresee the sad result: violations and fines, even lawsuits and potential loss of business. (Wood Ranch Medical is just one cautionary tale).

That’s when Marley’s regret might hit you: “Business? Mankind (i.e., the patient) was my business…”

Learning from Past and Future

And if you do get breached (compromised by any cyber attack), like Scrooge, you should entertain the “ghost” that will show you your past practices. A thorough risk assessment will be the starting place to help remedy what was amiss.

If you haven’t been breached, be thankful, and prepare anyway for a spirit from the future to tell you what could happen, worst case.

At a minimum, you’ll need a business continuity/disaster recovery plan (with offsite backups), along with a clear understanding of how those backups will be used.

This is a critical part of your incident response plan, especially when you consider that,

“42% of healthcare organizations surveyed,” as noted by the HIPAA Journal, reported that “an incident response plan had not been implemented, even though having an incident response plan has been shown to shorten the recovery time and reduce the cost of a data breach.”

Have an Incident Response Plan

Most incident response (IR) models, notes Security Officer Pam Nigro of Everly Health, have been reactive – cobbling together an emergency response in the fallout of a cyberattack. Better to have a proactive approach, Nigro says, where “continual monitoring detects anomalies across the organization.”

A comprehensive, 3-phase IR plan will therefore consist of preparation (of which a risk assessment and C-suite buy-in are part); instrumentation (firewalls, IDS, access-management, etc.); and maintenance (ensuring the tools are working correctly).

The good news is if you host your ePHI with HIPAA Vault, a BC/DR (Business Continuity & Disaster Recovery) service comes standard. Also standard is our 24/7 monitoring and regular Intrusion Detection and mitigation capabilities. It’s all part of our full plate of managed services.

So how can our ‘present’ benefit from a look back, and a look ahead? Your patients will be cared for, and you can continue doing what you do best…

…because not having an IR plan is a bit like Scrooge forgetting his true business, which just might lead to an unintended holiday:

“Business!” cried the Ghost, wringing its hands again. “Mankind was my business; charity, mercy, forbearance, and benevolence were, all, my business. The deals of my trade were but a drop of water in the comprehensive ocean of my business!”

Want to learn more about HIPAA Vault’s managed services? Give us a call! 760-290-3460.

Trust HIPAA Vault to provide the safe communications & positive patient experiences that you expect! All our solutions are designed to protect you from costly HIPAA violations and fines, and data breaches that can ruin your business reputation. Our fully-managed security is designed to limit your liability and bring peace of mind!

