A primary U.S. healthcare technology provider, seeking to develop new solutions to the challenges of ransomware and cyberextortion attacks, retained Bryghtpath to conduct tabletop exercises for their IT & technology product teams.
The Opportunity
The organization had previously worked with Bryghtpath to develop their business continuity, crisis management, and IT disaster recovery programs along with a detailed Cybersecurity incident response plan. Bryghtpath was retained by the Chief Information Officer (CIO) and Chief Product Officer (CPO) to design a series of discussion-focused tabletop exercises for their technology & product teams to navigate several specific ransomware scenarios impacting their core healthcare technologies.
The company was explicitly interested in detailing through response and recovery challenges, identifying technical obstacles that need to be resolved, and the significant decisions technology leaders would need to work through in such an incident.
Approach and Results
We kicked off the six-week effort by hosting an initial planning session with executive stakeholders to identify the exercise’s goal and establish an internal team of subject matter experts. We then worked with the internal team of experts to develop specific technical ransomware scenarios that could be used in the exercise.
We facilitated the construction of a detailed timeline for the exercises, detailing the specific ransomware scenarios identified. Each exercise would focus on a particular scenario, with time for problem-solving, identification of technical challenges, resolution of the issue, and capturing lessons learned and action items in a brief “hot wash” following the exercise.
The exercises were facilitated by the Bryghtpath team over a 2-3 hour session for each scenario. The multiple exercises were consolidated into a single after-action report detailing our observations and recommendations for improvement.
The after-action report and recommendations were used by technology leadership to further improve its response & recovery capabilities and justify investments in specific areas of improvement.
Key Activities
- Review of current technical standard operating procedures (SOPs) for response & recovery
- Review of current technical standards for backup & recovery
- Review of current Disaster Recovery Plans
- Planning sessions with an internal cross-functional team of subject matter experts
Outcomes
- Successful completion of the exercise
- Enhancements to technology response & recovery SOPs
- Improvements to Disaster Recovery Plans
- After-action report & 20+ recommendations adopted by the client
Download a PDF copy of this Case Study
We can help.
Let the experts at Bryghtpath put their decades of experience to work for your organization
We’ve designed, facilitated, and evaluated active shooter exercises for
Fortune 500 organizations around the world.
Our team has the experience, tools, and partnerships to help your organization successfully navigate the rough waters ahead – and ensure your organization is prepared.