Skip to main content

Embracing Business Continuity at a Health Organization 

Imagine this: It’s 3:00 AM. You’re a nurse in the middle of your night shift. Tonight, you have five patients in the cardiology department. You enter patient data on the laptop, when suddenly, the EHR crashes. You check your mobile device. A perplexing error message flashes on the screen. You leave your patient to use the phone at the end of the hallway. Surely the help desk can assist. You pick up the phone, but there’s no dial tone. You feel a rising panic in your gut. Other clinicians retreat from patient rooms and chaos grows in the hallway. Rumors start to spread; other floors are experiencing the same thing. Someone says the network is inexplicably down. Then it dawns on you. The health system has fallen hostage to a ransomware attack. And you, with all your education and training and passion, you, who remains responsible for five patient lives, have no idea what to do next. 

This is digital darkness. Is your health system prepared for what comes next? 

You are not alone. While you cannot control when and where such events will occur, you can manage your ability to maintain operations and continue to care for patients through effective business continuity planning. According to a recent New Osterman Research Report1 , “at two-thirds of organizations, there is a fear that almost all employees, 95%, will not understand how to recover following a cybersecurity attack. Priority tasks might include operating without core IT systems and switching to manual processes to get important tasks completed.”  

In the context of health care, digital darkness refers to the complete cessation of all digital activities. It involves a situation where the entire system experiences a blackout simultaneously, affecting internet connectivity, cellular communication, electronic health records, telemetry, and other related functionalities2. In the late summer and early fall of 2020, when six large health systems were attacked by ransomware, the FBI issued a series of warnings to health systems. 

Most health systems have plans in place for responding to critical incidents including weather, intruder, etc. Few organizations have a business continuity plan that takes into account the totality of operating in digital darkness. If the worst-case scenario were to impact your organization, how long could your organization operate in digital darkness? One day? One week? We recommend you are prepared for 6 to 8 weeks of business continuity until all systems are restored. 

A major health system in the southeast, comprised of 18 acute and specialty hospitals, required a business continuity plan to support 30,000+ employees in the event of digital darkness. The client engaged Optimum to prioritize the top process areas in the hospital and develop a business continuity plan for each. These eleven areas included: 

    • Lab orders and results: Where do we send lab results and orders and specimens? 
    • Medical administration: How will internal pharmacies function and administer medication? 
    • Patient registration and identification: How do we handle the influx of patients and proper discharge protocols? 
    • Housekeeping: How do I ensure beds are clean and ready for emergency department patients?  
    • Bed management: How do I transfer patients to different departments? 
    • Patient monitoring: How will we monitor patients’ vitals? 
    • Imaging: How will Radiology continue to function?  
    • Clinical documentation: How will providers, and primarily nurses, continue with HIPPA-compliant documentation? 
    • Overall communications: Without a network, how will we notify our team members, mobilize additional staff and share updates with patients’ families?  
    • Supply chain: How do we continue our normal warehousing, distribution and procurement of supplies?  
    • Payroll: How will we pay our employees on time?

Optimum conducted over 40 interviews with stakeholders before compiling feedback and determining a solution. As part of our work, we delivered the following: 

  • Business Continuity Strategy / Plan 
  • Risk Assessment Scorecard 
  • Business Continuity Management Governance 
  • Downtime Procedures and Preparedness Checklists 
  • Communications and Activation Strategies and Playbook 

The client is now prepared for a worst-case digital darkness scenario and has a strategic plan to address high-risk areas. The client has continued to engage Optimum for its Technical Transformation initiatives. 

In the face of the growing threat of digital darkness, the story of the nurse navigating a sudden cyber crisis serves as a stark reminder of the vulnerability of our interconnected world. As the reliance on digital systems in healthcare deepens, the specter of a complete blackout looms larger. It’s no longer sufficient to assume that existing crisis response plans cover the complexities of operating in the absence of digital infrastructure.  

The call to action is clear: every healthcare organization must take proactive measures to ensure their readiness for prolonged periods of digital darkness. Learning from the experiences of those who have engaged in comprehensive business continuity planning can guide us. From lab results to payroll, every facet of healthcare delivery hinges on digital processes, demanding robust contingency strategies. The time to develop those strategies is now, before the lights go out. Ready to start your digital transformation? Reach out to your sales rep or contact us today. 

Subscribe to The Optimum Pulse

Make sure to subscribe to our Linkedin Newsletter, “The Optimum Pulse” for the latest news and updates in healthcare IT.

Subscribe on LinkedIn
Optimum Pulse News Blog Optimum Healthcare IT

You can also follow us on LinkedInTwitter, and Facebook to join the conversation.

Close Menu