The Change Healthcare cyber-attack exposed the systemic risks of relying on a few large digital providers for critical services. When these giants stumble, entire industries often feel the pain. In this instance, the disruption interfered with pharmacy services, and provider insurance billing and pre-approvals – a nightmare scenario for medical offices left to make payroll and cover expenses with no revenues. Now imagine AI-powered diagnostics and connected clinical tools that rely on cloud services getting similarly disrupted for days. It’s a frightening scenario.

This isn't just a healthcare problem. Airlines, telecom companies, even fast-food chains – all have faced crippling outages despite their proven, resilient, robust systems. I’ve worked on and helped assess high reliability systems. Getting it right isn’t trivial and most organizations lack the internal resources and skills required to do it on their own.

The lessons? No technology or system is foolproof and hacker proof. A practical, active risk mitigation, fallback, and recovery plan is your best protection. It should be a living document supporting a continuous process, not a one-time delivery or event.

Here's are a few key points to consider. They can also serve as part of a preparedness checklist:

• Plan for Downtime: Develop fallback methods to maintain patient care during outages. This includes manual processes, equipment, tools, and alternative information sources. Identify and keep current ways to cope with the loss of critical services-see below.

• Identify Critical Services: Develop and maintain a list of services your practice depends on. Evaluate each in terms of impacts, i.e., shut down the practice, reduce capacity, impact quality, create potential regulatory violation, etc. Identify how the practice can work without, replace, and circumvent critical services should they get interrupted.

• Develop and Implement an Internal Security Plan: Identify and maintain a list of internal threats and develop strategies to address them.

• Train Your Team: Regularly train staff on these fallback methods. Drills ensure a smooth transition when disaster strikes. If your organization does not drill, then it does not have a practical fallback plan in place.

• Don't Be Caught Off Guard: A lack of a backup plan can be disastrous. Proactive preparation is key. Many plans are left to gather dust and drift into irrelevance. Avoid this mistake by keeping your fallback plans up to date as new equipment and systems are introduced.
  

Share your thoughts! How is your practice and organization preparing for tech disruptions?