8 Of 10 Healthcare Organizations Not Prepared For Disaster Recovery Incident

By Rebecca McCurry

Many health organizations not fully prepared to handle power outages or security breaches. Are you prepared for a disaster?

MeriTalk’sRx: ITaaS + Trust” study examines how much security breaches, unplanned power outages, and data losses end up costing providers more than $1.6 billion every year. According to the study, “19 percent of respondents from global healthcare organizations have experienced a security breach in the last 12 months, which ended up costing them $810,189 per incident.”

Many of these breaches were caused by malware and viruses, physical security breaches, outsider attacks, and user error. The study further explains “28 percent of respondents have experienced data loss in the last 12 months.” This ended up costing them $807,571 per incident. Unplanned power outages are often experienced by providers, which can end up costing up to $432,000 per incident.

MeriTalk, acknowledging the odds of a breach or outage are relatively high, notes most organizations aren’t prepared. “Providers acknowledge there is more work to be done. Less than one in three respondents (27 percent) believes their organization is fully prepared to ensure continuous availability of ePHI during unplanned outages, disaster recovery, or emergency mode operations.

“And, once an emergency has passed, only 50 percent of respondents are confident in their organization’s ability to restore 100 percent of the data required by SLAs. More than half (56 percent) would need eight hours or more to restore 100 percent of the data. The majority – 82 percent – say their technology infrastructure is not fully prepared for a disaster recovery incident.”

A representative from EMC, Roberta Katz, recently told CruxialCIO “Many healthcare organizations are in the process of building services delivery capabilities within their organizations. As healthcare organizations start looking at their infrastructure for transforming IT, they’re realizing they have gaps or areas of improvement for protecting and securing protected health information.” To begin preparation for handing security breaches, outages, and data loss, organizations are encouraged to take a layered approach to protect their data. This includes authentication, audit tools, log management, and HIPPA security risk analysis.