When it comes to critical patient care, hospitals must be able to maintain operational resilience against major threats, regardless of whether it comes from malicious hacks or natural disasters. In order to deliver sustained care, all the systems that coordinate medical histories, medicine logistics, scheduling, billing, registration, and more must be able to work seamlessly.
For patients, the stakes are truly life or death. For hospitals, long-term consequences of unresolved disruptions can lead to compliance fines, care and reputation deterioration, even bankruptcy.
Our client, one of the largest hospital systems in Southeast Asia, had already developed a robust resilience practice against natural hazards, but as cyber threats grew, needed to expand their protections to ransomware, and the combined threat of malware entry following a disaster.
To effectively protect against the full range of cyber threats, the client wanted disaster recovery testing would allow them to test more often, more easily, with more teams, and at greater scale. Their major concern was their ability to test reliably with acceptable results for their own internal operational compliance.
While compliance could have internal and external consequences, the organizational commitment was about quality and consistency of care. The maturity of their natural hazard resilience program meant they knew the level of quality the needed, and they dedicated a core group of engineers to learn CyberVR. By the end of VM2020’s on-site training with the team, their customized environment was up and running, locally empowered, and fully self-sufficient. Within days, the sophisticated testing environment was designed from scratch, customized, shared, and fully deployed.
While the hospital systems resilience team included IT, business, risk, and patient care, our coordination was provided through a service provider. From a resourcing perspective, this meant that not only was the hospital system able to surpass its expectations, but CyberVR allowed the service provider to use our automation and best practices to deliver a critical outcome at the right price and well mitigated risk.
To date, the team has been one of our most committed and active users, running tests weekly for over five years. They represent 300 VMs where workloads cover healthcare operations at 7 hospitals, running full-scale resilience and recovery testing against cyber and physical infrastructure disruptions in an active-active recovery system.