Continuity Central’s lead article was contributed by BridgeHead’s Chief Technology Officer, Gareth Griffith, in response to the release of NHS England’s 2017/2018 Data Security and Protection Requirements, which sets out ten data security standards. His article focuses on one of those data security standards: “a comprehensive business continuity plan must be in place to respond to data and cyber security incidents”.
Gareth highlights that, when it comes to cyber attacks in healthcare, having a comprehensive business continuity plan is no use if the backups themselves are not secure – a single backup strategy is not sufficient and, depending on the storage media, potentially part of the problem. He argues that a well-designed and, crucially, well-tested backup and disaster recovery plan is critical to surviving a cyber attack; and multi-layered backup is core to that plan.
