Traditional DRBC plans include two phases:

  • Disaster Recovery (DR) defines how an organization's IT department will recover from a natural or manufactured disaster. The processes within this phase have included server and network restoration, copying backup data, and provisioning backup systems.
  • Business Continuity (BC) focuses on the business operations side of DRBC. It has involved designing and creating policies and procedures that ensure essential business functions and processes are available during and after a disaster. BC has included staff replacement, service availability issues, business impact analysis, and change management.

DRBC plans based on 2010 guidance from the National Institute of Standards and Technology (NIST) included strategies to deal with the business impact of up to 72 hours of system/network downtime, which was a reasonable assumption at the time.

Today's DRBC plans must consider a more significant business impact.

Ransomware attacks have extended potential downtime beyond 72 hours, up to 30 days or more. Healthcare organizations must therefore re-evaluate their DRBC plans to consider extended downtime.

The possible scenarios are dramatic and require critical business strategies that go beyond technology and systems. For example, extended downtime can impact patient safety, not just information technology.

Does your organization have an updated DRBC plan based on extended downtime?

If not, you should consider hiring subject matter experts. Our team understands how to help. We start by assessing the current state of your plan and work with your team to update it. And we provide ongoing recommendations for change management.

  • Gain a detailed understanding of the current state of the Emergency Management Plan, the Disaster Recovery Plan, and the Cybersecurity Plan
  • Conduct a high-level priority business impact analysis (BIA)
  • Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
  • Review individual information system contingency plans
  • Create long-term contingency strategies
  • Ensure plan testing, training, and exercises
  • Ensure plan maintenance

While there are no guarantees for preventing an attack, ComplyAssistant can help you reduce risk and be prepared to respond. Therefore, if you haven't already taken steps, we highly recommend that you begin now, before the attack.
