Disasters strike more often than anyone likes to admit, threatening to take systems offline and lose data to the ether. This is why healthcare organizations, regardless of size, are required to implement a disaster recovery solution.
But as technology evolves, threats are advancing alongside it. Moreover, being compliant and being secure are not the same thing — and while having a disaster recovery plan may make your organization compliant, it won’t necessarily make it more secure.
Disaster Recovery Meets Cybersecurity
While most IT teams have plenty of experience preparing for physical and human-related disasters, cyberthreats present a new and more dynamic challenge. To effectively protect against evolving cyberthreats, healthcare organizations should view DR as just one component of a cybersecurity plan. Ensuring it's an effective part of an overall security plan requires IT teams to ask certain questions to put the right structure in place.
Teams should ask what systems the organization has in place that can:
- Prevent and detect intrusion
- Prevent account compromise
- Monitor file access and potentially malicious activity
- Restrict inbound and outbound web traffic
- Protect email from phishing, malicious attachments and other threats
Teams should also ask:
- Do we have firewalls in the right places and performing the right functions?
- Do we have staff trained in security measures (system hardening, for example)?
- Do we have sufficient real-time monitoring and alerting to stop attacks?
Typically, these questions are overlooked by IT teams seeking to develop a disaster recovery plan.
Identify Potential Disaster Recovery Gaps in Cybersecurity Plans
Performing a cybersecurity risk assessment against a DR plan can be the easiest way to identify potential gaps. One of the first steps in this process for IT leaders should be conducting a likelihood/impact analysis for each type of cyberthreat against the organization's recovery solution. This will allow the IT team to determine the technical likelihood that malicious software could impact the DR setup, and will help them understand the different ways malicious software or activity could be used to cripple local systems and the DR arrangement.
Additionally, teams should seek to figure out which controls or countermeasures the organization has in place, as well as what is still needed to effectively protect against threats. If malicious activity compromised an organization’s systems, what would recovery look like? Map out what third-party assistance IT teams could leverage quickly if a cyberattack overwhelmed staff.
While healthcare organizations may not be able to prevent a cyberattack from happening, taking steps to prepare for an attack can go a long way in helping to mitigate the impact and enable faster recovery.