Unfortunately, we are not only facing threats from cyber attacks but from natural disasters as well. When speaking with practices, we discover that many do not have a disaster recovery plan in place as required by HIPAA. Even those practices that have a plan have never run a test to try to recover from a disaster. A disaster could be the loss of a server or of your entire network. Even more important is the integrity of your data. We recently worked with a practice that thought it was doing online backups, but found out that its practice management data was not being properly backed up. This was due to the incorrect configuration of the backup and not following the software company’s recommendations. They were hit by ransomware and lost a significant amount of data.
It is imperative that you consult with your IT company to validate that your backups are working properly. This includes restoring your data from your backup source(s) and then accessing the restored data to verify its integrity.
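One way to check a test restore, as an added example that is not from the original article: hash every file in the live data folder and in the restored copy, then report files the backup never captured and files whose contents differ. The folder names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def verify_restore(live: Path, restored: Path) -> dict[str, list[str]]:
    """Compare a test restore against the live data it should contain."""
    want, got = build_manifest(live), build_manifest(restored)
    return {
        # Files the backup job never captured (e.g. a folder left out of scope).
        "missing": sorted(set(want) - set(got)),
        # Files that restored but whose bytes differ from the live copy.
        "mismatched": sorted(p for p in want.keys() & got.keys() if want[p] != got[p]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: the restore lacks the practice management data."""
    files = {
        "documents/policy.txt": b"office policy",
        "images/scan001.dcm": b"constructed image bytes",
        "pm_data/patients.db": b"constructed database bytes",
    }
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for rel, data in files.items():
            (live / rel).parent.mkdir(parents=True, exist_ok=True)
            (live / rel).write_bytes(data)
            if rel.startswith("pm_data/"):
                continue  # simulate a backup job that skipped this folder
            (restored / rel).parent.mkdir(parents=True, exist_ok=True)
            # Simulate one truncated file in the restored copy.
            (restored / rel).write_bytes(data[:5] if rel.endswith(".dcm") else data)
        return verify_restore(live, restored)


if __name__ == "__main__":
    print(demo())
```

Files edited since the backup ran will also appear as mismatched, so for an exact comparison save the manifest at backup time and compare the restore against that.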
Other items that you should consider:
Offload all images, practice management data, business documents, etc. to an external storage device and move it to a safe location. Make sure that the data is encrypted as per HIPAA. With the high usage of EMR/EHR and imaging, the file size associated with online backups is substantial, and an online backup may take numerous days to restore vs. an external storage solution.
Find and secure all software installation disks so that software can be installed on new computers in the event the PCs need to be replaced.
If you fear flooding, move computers to the highest point in your office (on top of counters, etc.)
Consult with your IT company first, but it may make sense to unplug all your computers and devices to prevent damage due to electrical grid issues.
Have your IT company create a mirror image of all your critical servers and image acquisition computers. This will significantly increase the recovery speed in the event the servers need to be replaced.