CPR for Healthcare SMBs when Disruption and Disaster Strikes

  • March 14, 2017
  • Print This Post

Business disruptions and disasters come in many forms and usually are unpredictable and unavoidable. Even something as small and seemingly common as a 30-minute power outage could cost a business of any size or type $15,000 within the first few minutes.

The situation is exacerbated for the growing number of small and mid-size businesses (SMBs) in the healthcare sector. Why? Because healthcare increasingly relies on digital technology at all levels, such as:

  • Handheld diagnostic tools
  • Tablet-based consultation reports
  • Electronic medical records
  • Automated reconciliation, billing and payment

And the list goes on. At many healthcare locations, scanners, refrigerators, and ventilation systems pose security risks as today many are part of the Internet of Things (IoT). As are bed-side and handheld monitors and treatment devices. Traditionally, none of these have the protection applied to other IT systems, although they’re critical to a healthcare business.

Business continuity, especially for your IT systems, is crucial for healthcare business of all sizes. HIPAA requires a BC plan, although some healthcare SMBs don’t understand what’s involved. The threats to data are increasing. Some IT experts estimate that 90% of healthcare organizations have suffered at least one data breach in the last two years, despite best practices for avoiding cyber attacks.

Leaders of healthcare SMBs can limit the impact of disruptions with a comprehensive Business Continuity (BC) Plan. Avoid the mistakes of many organizations that don’t go deep enough with their plan, or worse, put it off. And when planning, treat cyber disasters – data breaches, DDoS attacks, ransomware, etc. – with the same gravity as physical disasters. Because SMBs of any kind are more likely to experience a major financial loss in a disaster of any type than larger corporations.

Use these key tips to make your BC plan effective.

  • Engage your leaders and employees in the plan so they know their roles.
  • After a disruption or disaster event, plan to get mobile phones, laptops and tablets working asap. These are the most critical physical assets so your team can implement your BC plan.
  • Treat IT recovery equal to – or perhaps even more important — than recovering physical assets. Make restoring data flow between your systems a key step in your plan.
  • Be sure you have both on-site and off-site backups properly functioning, and automate both sets of back-up processes as much as possible.
  • Choose off-site options with security equal to or better than your on-site security. Ask about their firewalls and filters, and require any cloud-service providers to prove the security they promise.
  • Test your plan periodically, including simulations, and regularly review it with all employees.

Does hiring a Managed Services Provider (MSP) with strong security experience make sense for your healthcare business? Run a cost-analysis. With expertise and capabilities you don’t have in-house, they can:

  • Deliver data encryption and identity verification, especially critical when handling protected health information.
  • Recommend the right recovery levels for your applications and data.
  • Execute your recovery plan if your employees can’t access key systems, meeting your recovery point objectives (RPO) and recovery TIME objectives (RTO).
  • Stay current on the cloud-based services that serve healthcare businesses best.

Need Help With
Your IT?

Find a Location


Need Help with your IT?

Find a Location
Near You.


into the evolving world of IT for business.
Subscribe now.

Follow Us
Friend me on FacebookFollow me on TwitterFollow my company on LinkedInRSS Feed

Follow us on Twitter


ITinflections is a blog that covers a wide range of technology-based articles IT in the workplace, focusing on small- to medium-sized businesses.

If you’re looking to improve your company’s productivity through the effective use of technology, enjoy ITinflections, the blog about technology for business.