Five DR Strategies Your Organization Needs Today

Introduction

You never know when a disaster will strike. For those living near the coast, hurricanes and flooding are annual concerns. Central states need to prepare for tornadoes. Southwestern states may be impacted by forest fires. Virtually every hospital may be impacted by cyber-attacks at some point or could even experience violence (like an active shooter). A recent study on disaster preparedness in New York State found that 73.3% of hospitals would not be able to operate after one week in the event of a disaster without external assistance.

Having established disaster recovery plans is critical for any health system. Plans must also ensure continuity of patient care while minimizing operational impacts during and after a disastrous event.

Depending on the type of disaster, supply lines and communication can become disrupted, placing further burdens on existing patient care, as well as on patients who are inbound for care. Having plans in place and practicing disaster scenarios helps to minimize the impact when a disaster strikes. Covering every disaster scenario is far too extensive for this month’s blog, but here are a few tips and skills that can help you plan for a disaster scenario confidently. This month, we look at five DR strategies your organization should adopt to help prepare for a disaster, along with some tips from InsiteOne to enhance your disaster recovery strategies.

DR Strategy #1: Risk Assessment and Planning

Conduct thorough risk assessments to identify potential hazards and vulnerabilities within your organization. Then, develop plans to mitigate those vulnerabilities. Creating a detailed disaster recovery plan that outlines specific protocols and procedures for different scenarios and running tabletop exercises for those scenarios improves your readiness when a disaster occurs.

InsiteOne Tip

When it comes to medical imaging, an off-site disaster recovery archive and strategy allows for continued operations. Natural disasters like tornadoes or hurricanes may cause your facility to lose access to on-site medical images. Setting up methods to continue with image acquisition, then sending images to a cloud-based archive, helps ensure access to patient data can continue. Adding a low-cost disaster recovery PACS instance further maintains operations and continuity of care, and improves patient outcomes.

DR Strategy #2: Backup systems, redundancies, and downtime plans

Redundant systems add costs to existing infrastructure and are often at the bottom of planning lists. Even so, redundant systems for critical infrastructure, like power supplies, data storage, and communication networks, are critical components of every disaster recovery plan. Routine backups of all electronic health records (EHRs), patient data, important documents, and other mission-critical solutions necessary for continuity of care should be kept at secure off-site locations and be part of your long-term disaster preparedness plans.

InsiteOne Tip

Redundant systems will duplicate some costs, and some solutions may be cost prohibitive. Daily and incremental backups of your critical IT systems should occur on a routine basis to ensure there is no lapse in patient data. Store your backups in secure off-site locations. Adding redundancies (like outside access, power supplies, and cloud data storage) provides business continuity when a disaster strikes, improving continuity of care. If you are interested in exploring low-cost disaster recovery RIS/PACS/VNA solutions, contact us at InsiteOne. We provide solutions to help you maintain operations when your primary systems are down, ensuring your organization can provide continuity of care at an attractive price.

DR Strategy #3: Emergency response training

Provide regular training and drills for hospital staff to ensure they are well-prepared and familiar with emergency response protocols. Train on evacuation procedures, triage, and how to handle different types of emergencies. Emergency response training sessions provide an opportunity to practice how one would act in the event of a real emergency, and that training could make the difference between life and death or help limit downtime or data exposure.

InsiteOne Tip

Proper training for your staff is very important. Having the skills and knowledge of how to act during a disaster can mean the difference between making a disaster situation worse or lessening the impact when it occurs.  Look for content from FEMA to explore guidelines and training resources to help your organization better prepare for disaster situations.

DR Strategy #4: Collaboration and communication

Foster strong partnerships and communication with local emergency response agencies, neighboring hospitals, and community organizations. Be sure to keep not only your internal staff well informed, but also other partners and local agencies. Establishing clear communication channels for effective coordination during emergencies is critical to ensuring that everyone understands the situation and how it is being handled. Clear communication limits misunderstandings and improves outcomes during an emergency situation.

InsiteOne Tip

When it comes to any disaster situation, training and strong communication protocols are critical. Defining the roles and responsibilities of everyone involved in an emergency or disaster helps limit challenges when an actual disaster or emergency occurs. Clear lines of communication and established protocols, for both internal and external parties, can reduce chaos and help everyone understand when and how information will be shared. Miscommunication causes unease among staff and can potentially worsen the outcome of your situation.

DR Strategy #5: Ensure Continuity of Care and Supply Stockpiles

Continuity of care plans for patients with chronic conditions or for those with ongoing treatment needs must be established. Creating protocols to manage outpatient care, medication delivery, and medical follow-ups during and after a disaster is equally important. Ensure you have adequate stock of medical equipment, pharmaceuticals, and other essential medical supplies on hand to sustain operations during a disaster. Depending on the disaster type, you may need plans for patient evacuations, transportation, and shelter, should the need arise to move patients to a safer location. Plans for post-disaster recovery, including psychological support for patients and staff, infrastructure repairs, and long-term resilience planning, should also be evaluated to prevent similar future incidents.

InsiteOne Tip

Having 24×7 anytime, anywhere access to your data is only one part of disaster planning. It is important to have historical patient images and clinical data available, but you should also plan how you will acquire and transmit images to off-site disaster archives. Establishing communication protocols, maintaining continuity of care, and offering post-disaster recovery plans helps prepare your organization to handle most emergency or disaster situations.

Conclusion

Disasters and emergencies can take many forms. Winter storms, destructive tornadoes, hurricanes and flooding are just a few to consider. The suggestions described in this blog only scratch the surface of what you should consider when creating disaster plans and should be used to encourage additional research and planning for your organization. By preparing and implementing disaster strategies, hospitals can enhance their disaster recovery preparedness and better respond to emergencies, while maintaining continuity of care in the most challenging situations.

Although InsiteOne does not offer complete disaster recovery preparedness planning, we do offer solutions to help ensure your imaging data is safely stored in the public or private cloud. Cloud storage ensures your data is always available on virtually any device.  Our disaster recovery RIS/PACS/VNA solutions can help you maintain continuity of care should a disaster occur.

If you want to learn how InsiteOne can help with our cloud archiving or cloud-hosted DR RIS/PACS solutions, reach out to us today to start a conversation about planning and implementing an infrastructure that will ensure you are better prepared should a disaster strike your organization.

How to Protect Your Organization from a Cyberattack

Introduction

According to the US Department of Health and Human Services, cyberattacks on health systems have increased by 9,851% since 2019. This makes it imperative that you learn how to protect your organization from a cyber-attack. In fact, in 2020, there were 239.4 million cyber-attacks on healthcare endpoints, costing healthcare organizations, on average, over $4 million per incident. In 2021, this figure rose to an average of over $9 million per incident.

While staggering, these numbers are sure to increase, making vigilance and preparation critical to ensure your organization is properly protected. But why are healthcare organizations the target of ransomware or cyber-attacks in the first place? A primary reason is the vast amount of sensitive and valuable data (like personal health records, financial information, and insurance details) they possess. This data is highly sought after on the black market, where it can be used for identity theft or insurance fraud, or sold for profit.

Another reason health systems are targeted is the disruption to patient care a cyber-attack can cause. Health systems are more likely to pay a ransom to quickly get their systems back online, both to limit disruptions and to protect their established trust within their community.

Realizing why hospitals are targets of cyber-attacks is one thing, but understanding the steps to take to keep your data and staff safe is equally important. In this month’s blog, we’ll share a few ways you can help protect your organization from ransomware and cyber-attacks, along with some thoughts from InsiteOne to keep your data safe and secure.

Action #1: Awareness and Training

One of the best lines of defense an organization has for keeping data safe is continuous training for all staff on the methods cybercriminals use to find organizational vulnerabilities. Phishing attempts are the most common and successful methods to catch employees off guard. Oftentimes, unwary staff may feel pressured to offer information that provides cybercriminals an easy pathway to penetrate your organization. Phishing, social engineering, spear-phishing, malware, and insider attacks are just a few of the methods used to compromise healthcare IT systems today.

InsiteOne Tip

Many organizations provide cyber security training to keep employees informed and educated on the types of attempts they may face every day. Organizations like KnowBe4 offer training courses, information, and ongoing updates that are entertaining, yet very insightful. Your healthcare teams are always your number one defense against a cyber-attack, and frequent training is the key to help keep your organization safe. The more your employees know, the better protected your organization will be when it comes to cyber security threats.

Action #2: Encourage strong passwords and best practices when in possession of sensitive information

Using “password” as your password is a bad idea. Writing down your passwords and taping them to your computer is even worse. Strong passwords are a strong line of defense against cybercrime. Techniques like creating passwords from your favorite songs or using the first letter of each word in a favorite phrase (intermixed with numbers and other characters) make passwords easy to remember and difficult to hack. For example, the song “Don’t Stop Believing” by Journey could become a password like “D0nt_Stp#B3li3ving!”.

Encourage employees to memorize passwords or, better yet, to use a password manager to maintain them, so the passwords stay safe and secure and employees only have one password to remember. Writing passwords down and keeping them by your computer opens the door to unwanted opportunities for compromising your IT systems.

Protecting sensitive information is equally important. Never leave sensitive information out in the open if you must leave your workspace. Lock up sensitive information in a secure location and log off your computer. It’s a good idea to always keep your workspace organized and free of sensitive data. Finally, never insert unknown USB drives into your computer. They may contain harmful malware ready to attack your organization’s network.

InsiteOne Tip

Creating complex but easy-to-remember passwords and securing sensitive information seems like common knowledge, yet oftentimes people get in a hurry and may inadvertently make a mistake. Under time pressure, a user may create a simple password and write it down with the intention to change it later. An impromptu meeting could pull them away in a rush, potentially compromising their workspace. Leaving sensitive data in a folder by your computer makes it easy for prying eyes to find just what they need to inflict harm. Continuous diligence is very important in the fight against cybercrime.

Ongoing cyber security training for your staff prepares them for handling cyber-attacks. Your employees are your first line of defense, and arming them with knowledge helps them better protect themselves and your organization from cybercrime.

Action #3: Data Encryption

Encrypt your data at rest and in transit. Ensure your IT systems provide the ability to encrypt data while it is stored (at rest). Encrypting data while in transit further ensures you will be less likely to have data stolen and misused during a cyber-attack. Encrypted data, without a decryption key, is useless to a cybercriminal. It’s equally important to make sure data is transmitted securely and only the intended recipient has the necessary decryption key. Any interception of the encrypted data while in transit provides no value to the criminal.

InsiteOne Tip

InsiteOne’s archives provide data encryption while at rest and in transit, ensuring your data is safe and secure all the time.  Any interception will be useless to cybercriminals and by using some of today’s best security methodologies, your data is always protected in our archives and managed under our watchful eye.

Action #4: Network Segmentation and Security Patches

Segmenting your network limits the spread of a potential breach should one occur. Isolating critical systems and data from less secure parts of your network ensures your data remains safe in the event of an attack. Additional access controls on your segmented networks let in only the people authorized to access the data and keep everyone else out.

Keeping your software and IoT devices updated with the latest security patches helps to decrease their vulnerability during a cyber-attack.  Cybercriminals know where to look once they have access to your network and oftentimes, vulnerabilities in systems not frequently used or older IoT devices on your network could be the key they need to cripple your organization. Once your data is locked by a cybercriminal, they may demand you pay a ransom to unlock your network and systems.  Regular updates to your antivirus and anti-malware programs also ensure you are better protected against the latest known threats.

InsiteOne Tip

Network segmentation is a common practice used to keep outside traffic away from sensitive IT systems and data. With greater access controls in place, in the event of a breach, your sensitive data can oftentimes be kept safe and not compromised. InsiteOne understands how to segment medical imaging data so that in the event of a cyber-attack, your patient imaging data will be extremely difficult to access. Locking down common ports and using advanced security measures are just a few of the ways we help ensure a data breach will not impact your imaging data.

Action #5: Perform Regular Risk Assessments and Security Audits

Conducting frequent security audits and risk assessments is critical to success. Identifying vulnerabilities and weaknesses in your networks and systems helps prepare you for how to defend against a cyber-attack.  Understanding the vulnerabilities and addressing the issues promptly helps you to mitigate potential risks to your organization. 

Another important part of security assessment is creating a detailed incident response plan. Your plan should outline the steps staff needs to take in the event of a cyber-attack. Having a good incident response plan can limit the damage of a breach, since your team can respond quickly to avert further damage. Your plan should include procedures for reporting incidents, isolating affected systems, and communication protocols for all staff and relevant stakeholders.

InsiteOne Tip

Companies like Cloudwave can help prepare your organization for a cyber-attack. They also offer services like risk assessment and security audits. Random, professionally organized cyber-attack drills prepare your staff to react should a cyber-attack occur. That knowledge, plus real-time practice, could make a huge difference in the outcome of an actual cyber-attack in the future. Observing how your processes are followed during a staged event provides real-time guidance on ways to improve your processes and communication protocols when a real cyber-attack occurs.

Conclusion

Cybercrime is on the rise and healthcare organizations continue to be vulnerable. Aging technology, IoT devices that cannot be patched, and limited spending on cybercrime prevention provide easy access for cybercriminals to breach your network and gain access to sensitive data.  This blog only scratched the surface while providing a few tips on preparing for cybercrime in your organization. Hopefully, it will encourage you to work with your vendors and companies like InsiteOne to establish a safe environment for your data.  Limiting your exposure when a cyber-attack occurs is just as important as preventing it in the first place.  InsiteOne has a long history of keeping clinical data safe and the methods we use to protect your data keep cybercriminals out. 

If you want to learn more about the benefits of InsiteOne’s archiving and security solutions, be sure to reach out to us today to start a conversation about modernizing your infrastructure and ensuring your patient imaging data remains safe and secure.