The Importance of a Business Continuity Plan: Cybersecurity Case Study of a Large Medical Center

A medical center must conduct business with an awareness of the possibility of cybercrime attacks or the loss of computer control because of criminal attacks on the server resulting in the compromise of patient information. Patient information can be more valuable than a personal social security number and banking information. Third-party agencies can use patient information to make decisions that can deny patients insurance and other treatment. A business continuity plan can be used to provide procedures for sustaining business operations in the medical center while recovering from a considerable disruption of the information system during a pandemic of infectious disease, a cybercrime attack, or in the case when servers break down. Information security in the medical center is critical. The information security team is responsible for the information security that is also related to the hospital infrastructure and the behaviors of stakeholders such as physicians, nurses, patients, etc. The information security team tries to maintain a secure network, for example, by installing and maintaining a firewall configuration. Strong access control is usually required, especially during a pandemic. Restricted access to cardholder data by business need-to-know works well in most sectors. Ethics and recovery criticality are also critical to the function of the medical center.