Business Continuity Plan and Risk Assessment Analysis in Case of a Cyber Attack Disaster in Healthcare Organizations

Abstract

A business continuity plan (BCP) focuses on sustaining an organization’s business functions during and after an event, incidence, or disruption. Six main stages define an effective BCP. Using indicators suggested by Yang and the Academy of Science, this paper develops a model to perform risk assessment analysis in case of a disaster with focus on information technology. For managing an incidence, an organization needs to have a BCP. A lack of a BCP could put an organization at a major risk, in HC organizations lack of BCP and ineffective dialogue with other organizations potentially creates catastrophic effect on patients. Disaster readiness exercises, disaster recovery objectives, and information technology system availability ranked as top three elements of a BCP. The paper recommends a viable, repeatable, and verifiable continuity capability to keep a business and its personnel secure and safe.