MedStar Health management thought the company was as prepared as it could be for computer system shutdowns. That bubble was burst when MedStar became the victim of a ransomware attack earlier this year, rendering its systems unusable for a time. The company had a corporate emergency plan, as well as a plan for each of its 10 hospitals and 250 outpatient clinics, but nothing that prepared it to handle all systems going down at once. Now it’s offering this advice to other operators with multiple locations: Prepare for the worst, even if it seems unlikely to occur. That means preplanning chains (and methods) of communication, prioritizing which systems are most critical to ongoing operations and cybersecurity, and rehearsing what to do if such a disaster does come to pass, just as any company would drill for a fire or natural disaster.
MedStar Ransomware Attack a Reminder: Guard Against System Outages