Building Resiliency Depends on Establishing Key Relationships Before Disaster Strikes

When technology fails, patient care cannot. That stark reality underscores the importance of business continuity planning in healthcare, a subject Anika Gardenhire, Chief Digital & Information Officer at Ardent Health Services, knows well. Having navigated a major ransomware incident, she believes that resilience is not just about preventing failures but about preparing for when—not if—they occur.

Scroll down to watch or listen to the full interview; or subscribe to healthsystemCIO on your favorite podcasting channel

“Holistically, the conversation is about ensuring that the core of our business—caring for people—isn’t disrupted when technology fails,” Gardenhire said. Disruptions, whether from cyberattacks, maintenance shutdowns, or power failures, are inevitable. Health systems must develop strategies to maintain operations despite such events.

The Need for Clarity in Crisis

One of the biggest gaps in healthcare IT preparedness, according to Gardenhire, is the lack of clear ownership over business continuity. Historically, disaster planning focused on physical threats like fires or severe weather, but today, technology outages can be just as disruptive.

“There was always a separation between technology and the ‘business’ side of healthcare,” she explained. “Now, as digital transformation continues, we’re realizing that technology is the business. When it goes down, everything stops.”

To bridge this gap, she advocates for a unified approach, bringing together IT teams, operational leaders, clinical staff, and risk management. Defining clear accountability—who makes decisions, who executes them, and who communicates them—is essential.

She emphasized the importance of cross-departmental training and collaboration, stating, “Technology teams and clinical leaders must be in sync. If they don’t understand each other’s workflows and constraints, business continuity plans will be ineffective.”

Leadership, Governance, and Decision-Making

In a crisis, decision-making must be swift, structured, and backed by a clear governance framework. “It’s critical to model out decision points in advance,” Gardenhire noted. “For instance, if the EMR system must be shut down, who makes that call? Who needs to be consulted? What’s the backup plan?”

Tabletop exercises help leadership teams build ‘muscle memory’ for these scenarios, ensuring they are not making high-stakes decisions on the fly. Pre-documenting decision trees and response workflows can accelerate recovery times and minimize disruption.

“We divided responsibilities into ‘cures and consequences,’ ensuring that while some focused on immediate fixes, others handled the broader impact,” she said. “Having that structured approach made all the difference.”

Another challenge is ensuring executive leaders, including the CEO and board members, are prepared to make informed decisions during an outage. “They need a framework to guide decision-making,” Gardenhire noted. “You can’t assume they will intuitively know what to do in a crisis.”

She also noted that there must be a clear distinction between crisis management and operational continuity. “Emergency teams can handle certain disruptions, but when it comes to IT outages, the leadership structure has to include individuals who understand the technical implications and how they ripple through clinical workflows.”

Managing Burnout in IT Teams

While clinician burnout has been a hot topic, IT teams face similar pressures, especially in crisis situations. Gardenhire, who worked through the ransomware attack for days without sleep, understands the toll such events take.

“Managing demand is just as important as managing supply,” she emphasized. “We need to be transparent about what IT teams can realistica...