Abstract
Cybercrime is one of the fastest-growing crimes in the world, with more people using computers to fake identities and steal from others. With the crime on the rise, methods of controlling and minimizing it are necessary in all sectors. In the health sector, however, some methods can be applied to best effect and combat cybercrime completely. This paper explores the best business planning and disaster recovery practices that can be applied in the healthcare sector to address cybercrime.
A digital world is characterized by the adoption of new strategies for executing various activities. However, hackers stand ready to fake identities and steal from people as they embrace technology. Cybercrime is crime in which electronics function as the object in committing the crime (Paton, 2009). Crimes committed through cyber means include hacking, phishing, spamming, child pornography, and hate crimes. However hard parents try to control their children, widespread access to the internet still reaches children in their own setting. Scholarly studies state that cybercrime threatens the health sector in various ways, but the sector has limited ways of dealing with it. Some strategists argue that the health sector needs to borrow techniques that have proven their efficiency in other fields to contain this problem. This paper describes the best techniques set out in business continuity planning and disaster recovery (BCPDR) that may be effective in combating cybercrime in health care information systems.
Paton (2009) argues that dedicating and empowering staff is the first effective practice for dealing with cybercrime in the healthcare sector. In business continuity planning, the best ways of managing areas that are delicate and difficult for the organization include quarantining them. When risky areas are contained, it becomes easier for the organization to deal with critical sections of the system without interfering with others. In health care information systems, dealing with cybercrime requires dedication from the members of the organizing board, with the personnel employed empowered to act within their jurisdictions specifically to deal with cybercrime. When personnel have such assignments, tracking any person hacking or spamming a system is easier. Being alert ensures that the information management team is in a position to respond to attacks before the situation becomes severe. For example, the team may establish the best ways to reverse or block the paths used to get into the system (Miller, 2004).
Division sometimes emerges as one of the best ways of overcoming system attacks in various technical areas of an organization. In business planning and disaster recovery, division helps firms put the best practices in place so that serious problems can be contained with ease. Division provides strategic policies for protecting organizations. For health care systems, the best practice in dealing with cybercrime lies in dividing the department into a business continuity planning section and a disaster recovery section. Once the department is divided in two, each section must have unique and related goals such that, when the divisions achieve their goals, the organization will have successfully combated cybercrime. Miller (2004) argues that in most organizations, the business continuity planning department plans for the long-term survival of the systems and increased security, whereas the disaster recovery department deals with the actual crime and the process of retrieving the data. The health care systems should not present any advanced problems; hence, division of the department solves the cybercrime issues completely.
Priority, ecosystem, and global thinking practices help in combating high-profile cybercrimes. In most cases, people involved in cybercrime have advanced knowledge of the activities they undertake. This affirms the need to establish smart strategies that can counter their activities while they are still in their initial stages. Strategy dictates that when an individual or an organization sets up a health facility and installs health care communication systems, a backup facility must also exist so that any issues with the information can be corrected automatically without losing the information (Miller, 2004). Ecosystem thinking implies that even though the connections have a backup system, they should not be exposed to risks without due reason. The health care information systems must interconnect so that data from each of them can flow through the health care facility easily and frequently. However, the interconnections must have ways of preventing pooled access so that, if a person hacks into one of the systems, the whole health care facility does not suffer. If a cybercrime such as hacking affects the health care facility, the procedures for treating it must include concrete methods of dealing with these highly skilled minds. Activities should be prioritized so that any attempts by the cybercriminals can be stopped quickly.
In order to clear cybercrime from the health care sector, management must undertake plan maintenance and develop alternative plans in preparation for the failures and hiccups that may occur in the systems. Most health care facilities concentrate more on the maintenance of the health facilities and forget that the communication systems must also remain up to date. In the reverse case, the communication systems face a backlog because they address only programmed elements and fail to respond to other aspects. Cybercrimes are mainly evolutionary, which means that a firm must adopt dynamic measures to address them accordingly (Diana, 2009). In the health care sector, the disaster recovery and business continuity planning facilities must improve so that they can deal with any advanced crimes that emerge. The recovery tiering strategy, the roles, and the personnel must all have the latest facilities in order to deal with advanced crimes. At the same time, management must be aware that a cybercrime may occur at any time and that the people operating the departments may have other responsibilities. Combating cybercrime will require extra resources and workforce; thus, management must train enough personnel in all the communication departments to enhance efficiency (Virzi, 2006).
The Train, Test and Evangelize (TTE) strategy advocates that management place personnel in the positions that best match their skills so they can manage any cybercrime problems that arise. At present, a variety of facilities exist where people can get training in business continuity planning and disaster recovery. Management must follow through on its plan to get staff members the right training so that they can advance technically and deal with evolving cybercrimes (Diana, 2009). Personal training for the members of the BCPDR team in the health care communication systems, together with interaction with counterparts in other sectors, will help to boost their prowess in the sector. In order to keep the staff watchful and attentive at all times, management must come up with surprise test sessions in which the members of the disaster recovery and business continuity planning departments deal with surprise, internally made tests. These tests help sharpen people's skills as well as keep them alert. Evangelizing involves the initial steps of dealing with cybercrime (McEachern, 2002). These stages involve the development of the health care communication and information systems. At the time of inception, the program must appear in many formats so that employees and experts can access it and learn how to protect it. The problems of a lack of evangelization arise when employees cannot solve a simple problem because they lack awareness of how the program came into force. New employees must receive orientation as a way of evangelizing the program.
In order to make BCPDR effective, the department must get management buy-in and undertake constant and consistent regulatory review of the systems. Most of the information systems in health care facilities belong to the communication department, which facilitates the flow of information in the facility. This flow of information involves little activity from management, although management must be informed of its existence (McEachern, 2002). However, to get the best from business continuity planning and disaster recovery, all departments must be notified, because the project essentially covers all departments, and management buy-in is effective in winning the confidence of the facility. Because of an optimistic management approach, management may be reluctant to undertake data recovery and business maintenance services and hence subject the facility to cybercrime. The communications and information department must therefore convince management of the potential risks to the business if the systems are not put in place, in a bid to win management's acceptance of its ideas. Even after management buys into the idea, the challenge of maintenance remains, and the business must undertake regular checks on the facility, through regulatory reviews, to ensure that the system does not have any hiccups. In essence, data recovery involves more than the installation of the systems as long as it deals with the prevention of cybercrime.
Diana (2009) states that developing performance and quality metrics is one of the best practices used in BCPDR in health care information systems that can help prevent cybercrime. In most cases, the people behind cybercrimes take advantage of the fact that the organizations they target do not have strict bases for measuring the performance of their facilities. The business eventually realizes that hacking or spamming has happened long after the crime occurred and thus can hardly trace the criminals. For a health care facility to deal with these crimes, management must establish methods for identifying any interference in the performance of the primary information systems and the backup information systems (McEachern, 2002). Each load should have a profile used to generate information across systems, and an analyzer or load accumulator signal should analyze the load of activity across the network from all the inbound channels. In that case, any foreign inlet or outlet to the system's communication should be detected as spam or hacking from a foreign source. These detections must be cleared out immediately, or the details secured, so that the foreign points do not access the communication and information details.
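The profile-and-analyzer check described above, as an added example that is not taken from the paper or its cited sources: a load accumulator totals traffic per channel and compares it with the profile, reporting foreign inlets or outlets, overloaded channels, and profiled channels that have gone silent. Host names, ports, byte counts and the 3x tolerance are constructed assumptions.

```python
from collections import defaultdict

# Constructed profile: allowed channel (source, destination, port) -> expected
# bytes per monitoring window. Host names and ports are hypothetical.
PROFILE = {
    ("lab-gw", "ehr-primary", 443): 50_000,
    ("pharmacy", "ehr-primary", 443): 20_000,
    ("ehr-primary", "ehr-backup", 873): 400_000,
}
TOLERANCE = 3.0  # assumption: flag load above 3x the profiled volume

# Constructed flow records for one window: (source, destination, port, bytes).
SAMPLE_FLOWS = [
    ("lab-gw", "ehr-primary", 443, 30_000),
    ("lab-gw", "ehr-primary", 443, 15_000),
    ("pharmacy", "ehr-primary", 443, 95_000),
    ("ehr-primary", "ehr-backup", 873, 380_000),
    ("198.51.100.7", "ehr-primary", 443, 4_000),
    ("ehr-primary", "203.0.113.9", 8443, 250_000),
]

def accumulate(flows):
    """Load accumulator: total bytes per channel in the window."""
    load = defaultdict(int)
    for src, dst, port, nbytes in flows:
        load[(src, dst, port)] += nbytes
    return dict(load)

def analyze(flows, profile=PROFILE, tolerance=TOLERANCE):
    """Return findings sorted by channel: foreign channels and overloads."""
    findings = []
    for channel, nbytes in sorted(accumulate(flows).items()):
        expected = profile.get(channel)
        if expected is None:
            # Inlet or outlet that no profile covers: block or isolate it.
            findings.append(("foreign", channel, nbytes))
        elif nbytes > expected * tolerance:
            findings.append(("overload", channel, nbytes))
    return findings

def silent_channels(flows, profile=PROFILE):
    """Profiled channels with no traffic, e.g. a backup feed that stopped."""
    seen = accumulate(flows)
    return sorted(ch for ch in profile if ch not in seen)

if __name__ == "__main__":
    for kind, (src, dst, port), nbytes in analyze(SAMPLE_FLOWS):
        print(f"{kind:8} {src} -> {dst}:{port} {nbytes} bytes")
```
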
McEachern (2002) observes that BCPDR may fail over to alternative or standby systems. This means that the communications department must draw on the benefits of virtualization, and so simplify deployments, in order to deal effectively with cybercrime when it occurs by using alternative systems. With this strategy, the failure of the disaster recovery systems does not mean that the measures to combat the crimes fail; it simply means that an alternative can come into force, with the systems promptly accepting the new developments. When these systems come up, the department takes on an extra role: undertaking full mobility of the systems and data across a distance so that temporary issues are resolved before they can cause any havoc to the main systems. Through desktop mobility, virtualization can occur and monitoring of the systems becomes easier with time. Effective application of this strategy ensures a protective approach to cybercrime, which is effective when compared with other practices that work through curative interventions.
According to Borzekowski (2002), genuine systems and proper tool selection in BCPDR for health care communication systems greatly help to build the security of the systems. In comprehensive business data recovery, the system tools determine the exact measure and level of system security against external crimes. In essence, while installing the systems, the business must be keen to put the best tools in place to undertake its activities so that failures of the systems can easily subside. The options of tools for application may all be valid, but those that function in more advanced roles than the others may be utilized. Selecting weaker systems to deal with stronger criminals results in failure of the systems; hence, the criminals may find easy ways to manipulate the health care information systems (Virzi, 2006). In terms of honesty, the business must accept and be aware of reality and of the true tolerance of its business systems for downtime. Before the advancement of hacking crimes, tape backup served as the best backup system, so it could tolerate downtime for longer periods. However, with modernized crimes and spamming at the top level, every business must know the level of tolerance of its systems in order to know exactly what type of measure to adopt. Failure in the honesty test puts the business at risk of advanced attack.
O’Connell (2006) infers that plan independence and application development serve best when the health care information systems have the right tools and facilities. In application development, BCPDR must follow the best practices, and it should not spill over to people outside the business unless that is necessary. Management may ask the information and communication department to retrieve information from outside the business, which subjects the business to potential attack from cybercriminals. In most cases, the information is unnecessary, as management is able to do without it. The role of the disaster recovery officer in this case is to challenge management to weigh the significance of the information against the cost of cybercrime; the officer's success in convincing management is the best step in the management of the systems. According to Scheier (2004), the systems that deal with cybercrime must be built in such a way that they can stand alone. If a disaster strikes the health care facility, the disaster recovery and business continuity planning facilities must be able to deal with the disaster without involving the other facilities. However, that does not mean that the plan should remain in isolation, but rather that the strength of the plan should not come under any form of doubt.
In disaster recovery, identity helps people deal with any disaster affecting the systems. In health care information systems, the essential practice for dealing with potential cybercrime lies in creating network profiles that give the systems an identity. When the systems have identity, interference with the systems becomes visible and mitigation is easier than when they are jumbled and intermixed. In case of any disaster, with delay impairments such as packet jitter, loss, modification, reordering, and bit errors, the core network coordinates the services, so there is less interference with the other inlets. Digesting information is easier when the systems can function individually thanks to individual profiling (Scheier, 2004). Consequently, a single test is not enough to bring the systems to their best, so retesting must occur to get the systems into the best state possible.
Business continuity planning has proven essential to most businesses due to its ability to deal with crimes that relate to the internet. With cybercrime threatening the existence of many businesses, BCPDR presents the best strategies for managing these crimes. However, the performance of these practices in protecting against cybercrime may vary depending on the nature of the firm's health care information facilities. This means organizations should adopt the strategies that best suit their business model to enhance efficiency.
References
Borzekowski, R. (2002). Health care finance and the early adoption of hospital information systems. Rochester. doi:http://dx.doi.org/10.2139/ssrn.337960
Virzi, A. M. (2006). A complex operation; after maintaining paper records for decades, the Mayo Clinic has embraced digitized health information systems to better manage patient care and trim costs. Adoption has brought some pain. Baseline, 1(64), 1-61. Retrieved from http://search.proquest.com/docview/213357887?accountid=45049
Diana, M. L. (2009). Exploring information systems outsourcing in U.S. hospital-based health care delivery systems. Health Care Management Science, 12(4), 434-50. doi:http://dx.doi.org/10.1007/s10729-009-9100-4
McEachern, C. (2002). SIA releases business-continuity planning best practices. Wall Street & Technology, 39-40. Retrieved from http://search.proquest.com/docview/206631554?accountid=45049
Miller, K. C. (2004). How to meet FFIEC minimum requirements for business continuity planning. Hoosier Banker, 88(1), 36-37. Retrieved from http://search.proquest.com/docview/195302692?accountid=45049
O'Connell, K. A. (2006). When disaster strikes. Waste Age, 37(3), 78-80, 84. Retrieved from http://search.proquest.com/docview/219231905?accountid=45049
Paton, D. (2009). Business continuity during and after disaster: Building resilience through continuity planning and management. ASBM Journal of Management, 2(2), 1-16. Retrieved from http://search.proquest.com/docview/503497879?accountid=45049
Scheier, R. L. (2004). A reality check for disaster recovery: How often should you test your disaster recovery plans? Some experts say once a year. But to do it right, you have to make it real. Here's how. CIO Canada, 12(9), n/a. Retrieved from http://search.proquest.com/docview/217430646?accountid=45049