Incident Response, Security Staff Acquisition & Development

HealthFirst revises process for prioritizing disaster recovery resources and restoration 

Dissatisfied with how it determined which business functions and IT assets needed to be restored first following a cyber incident, central Floridian healthcare system Health First recently revised its disaster recovery tiering criteria to make the prioritization process more quantitative and less subjective. 

Click for more special coverage

The new decision-making criteria are largely predicated around how severely the business would be impacted if a cyber disaster affected a particular application, according to Kimberly Alkire, system director, cyber wellness at HealthFirst, a presenter at InfoSec World 2023 in Orlando, Florida. 

“We’re healthcare. So obviously, patient safety is our No. 1 priority,” said Alkire in an interview with SC Media held prior to her ISW session on the same topic. “So if there’s anything that is going to be putting a patient at risk, or an employee at risk during a downtime, that’s going to be really highly rated in our algorithms that are on the back end of our quantitative scoring.”

Other factors that affect a business function’s DR tier ranking include financial impact, regulatory compliance requirements, reputation damage and the number of employees who use a particular application. Alkire noted that the revised tiering system applies to both preexisting applications as well as new functions and assets that are added to the business as time goes on. “And only our executive team is able to veto [a ranking] or move something up on the list,” she added. 

An application’s ranking doesn’t just affect how quickly it sees a post-incident recovery effort. Higher-tier functions also get more robust proactive DR and business continuity protections in advance of any potential cyberattack. These protections include high-availability capabilities, hot-hot configurations and back-ups, as well as downtime procedures, a DR plan, an annual DR test and 24/7 vendor support. 

“We want to make sure we’ve got… the best stuff on our crown jewels. Same thing for our alerting and monitoring,” said Alkire, noting that HealthFirst’s tiering system is “used by our infrastructure teams and our security teams for all of our processes to be able to identity what is more important and what gets first dibs on limited resources.” 

In a separate follow-up email exchange, Alkire told SC Media that the majority of HealthFirst’s tiering criteria changes were put into place in August 2022, and that 15 enterprise apps have currently been granted tier-one disaster recovery status. “We’re just wrapping up our first review cycle, which will be occurring annually to keep it operational, refining along the way as needed,” she added. 

For more details on HealthFirst’s DR tiering process and Alkire’s presentation, watch the embedded video within this article. 

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.