The Risks We Missed

Denise Lacey
2 minute read

Listen to article
Audio generated by DropInBlog's Blog Voice AI™ may have slight pronunciation nuances. Learn more

A critical part of the risk management process is revisiting your risk log AFTER an issue occurs to evaluate why the mitigations did not prevent the risk from being realized, or why the risk was not identified at all. Those of us who did not foresee "pandemic closing hospitals to all but essential services and preventing clinical study patients from attending visits" have the perfect opportunity to lock that barn now that the horse is out. From this point forward, we will definitely have contingency plans that prominently feature the word "remote" - remote work from home, remote patient visits, remote monitoring visits, remote signature capability, remote IP accountability, remote audits, and so on.

As we're securing that barn door nice and tight, though, we might want to glance around to see if there are any other doors from whence that horse might escape. Is the door marked "cybersecurity" ajar? Why, look - it's wide open.

We've had plenty of warning, with the Eurofins ransomware attack in 2019 and the eRT attack in October--not to mention various assaults on hospitals and government agencies. So we continue to do our due diligence with vendors, examining their disaster recovery plans and backup schedules. Most of us have never had to deal with a computer system shutdown that lasted longer than a few hours.

« Back to Blog