Overlake Medical Center values Quest’s DR tabletop exercises to ensure patient safety and manage risk.
Not long ago, the IT team at Overlake Medical Center in Bellevue, Washington gathered in a conference room for what they believed would be a seminar about transitioning to Windows 10. Instead, they were immediately told that they were in Disaster Recovery (DR) mode and would be live-testing their DR Runbook.
They were presented with a fictitious scenario: a regional earthquake in Eastern Washington. A data center had gone down, and the hospital’s IT infrastructure was at grave risk.
If such an event were to actually happen, having precise protocols in place and being prepared to take specific steps to prevent a catastrophe could be a matter of life and death.
Scott Connelly, Overlake’s Technology Manager, says ensuring that the hospital’s essential IT infrastructure is never compromised is central to the organization’s mission.
“Patient care and safety is Overlake’s number-one priority,” Connelly says, “and our IT systems play a critical role in making sure that our patients stay safe.”
Live testing for a natural disaster event
In the conference room that day, Shawn Davidson, Quest’s Vice President of Enterprise Risk Management, joined Connelly to run a “tabletop exercise” during which a series of actions were played out. This disaster recovery exercise can be used to plan for various scenarios, including a cyberattack—in this case it was deployed to handle a natural disaster event. People in the room were assigned roles. Roadblocks were put in the way—for example, in this fictitious scenario, Connelly is unavailable, so another team member must play the role of incident commander.
The ultimate goal is to test the DR Runbook, a step-by-step plan that Quest had helped Overlake construct. Following the play-by-play in the runbook, teams were assembled and given specific tasks. While this was going on, Connelly and Davidson documented whether the teams were following the plan. The goal is to have a DR Runbook with an adequately robust plan and a team that’s prepared to execute it.
“It helps us stay honest,” Connelly says, “to go back and truly validate that our plan isn’t missing anything. And if it is, we work with Quest to add what’s needed.”
Quest first developed Overlake’s DR Runbook four years ago, and they’ve pressure-tested it with tabletop exercises each year thereafter. Connelly says over that time, Davidson’s value to his organization has multiplied.
“Shawn brings a lot of industry knowledge to the table,” Connelly says, “but just as importantly, he brings knowledge of Overlake to the table. Quest does a good job of really getting to know our organization and building a strong foundation. And every year we build upon what we’ve done to continue to improve.”
Davidson says he enjoys working with the Overlake team, including CIO Scott Waters, who he has known for more than a decade, because they’re dedicated to being as resilient as possible and not interrupting critical services to their patients.
“There are some clients, unfortunately, who are putting together Disaster Recovery plans because they have to,” he says. “The staff at Overlake works well together, has good insights, and welcomes and values our help. That makes it easy for us to become an extension of their team and build something solid and reliable. For me, and for Quest, that’s what really matters. I can’t say enough about their team and how we’ve enjoyed working with them.”
THE BOTTOM LINE
Scott Connelly, Overlake’s Technology Manager, had Quest develop their Runbook and every year Quest helps Scott and his team pressure-test it with tabletop exercises.