TL;DR: Healthcare organisations need a minimum viable recovery strategy, but Commvault cites a GigaOm report showing 54% lack confidence in their recovery plans, which makes prioritisation, technical response, and organisational readiness the core test of resilience. Recovery planning fails when teams cannot map critical services, protect recovery systems, and sustain tested procedures under pressure.
NHIMG editorial — based on content published by Commvault: Minimum Viability Self-Assessment for healthcare recovery readiness
By the numbers:
- 54% of organizations lack confidence in their own recovery plans.
Questions worth separating out
Q: What breaks when minimum viable recovery is planned without identity governance?
A: Recovery often fails at the point where people need privileged access to backup systems, clean rebuild environments, and approval chains.
Q: Why do recovery plans need PAM as well as backup technology?
A: Because the systems that restore data and rebuild services are themselves high-risk targets.
Q: How do security teams know whether minimum viable recovery is actually working?
A: They should measure whether the organisation can restore its most critical services in the right order, with the right access, within tested service-level targets.
Practitioner guidance
- Map recovery-critical services and their identity dependencies Document which applications, databases, backup consoles, and administrative accounts are required to restore each critical clinical or business service.
- Separate recovery-plane privilege from production access Create dedicated access paths for backup, restore, and clean-room rebuild activities so recovery does not rely on broad production credentials.
- Test minimum viable recovery against real approval paths Run recovery exercises that include identity checks, privilege activation, escalation approvals, and restoration steps from an unavailable primary environment.
What's in the full article
Commvault's full blog covers the operational detail this post intentionally leaves for the source:
- The full Minimum Viability Self-Assessment structure for evaluating recovery readiness across the three MVR pillars
- The peer-comparison framing used to benchmark healthcare recovery maturity against similar organisations
- The specific questions used to assess business-critical prioritisation, technical response, and readiness
- The recommendations that translate assessment findings into practical recovery improvements
👉 Read Commvault's minimum viable recovery assessment for healthcare teams →
Minimum viable recovery in healthcare: are recovery controls ready?
Explore further
Minimum viable recovery is an identity-governed capability, not just a resilience plan. The article treats recovery as a business-first discipline, but the actual execution depends on who can touch backup systems, rebuild infrastructure, and approve restoration steps. That makes recovery access a privileged access problem as much as a continuity problem. Practitioners should treat the recovery plane as a governed identity surface, not an afterthought.
A few things that frame the scale:
- 91% of former employee tokens remain active after offboarding, leaving organisations vulnerable to potential security breaches, according to The 2025 State of NHIs and Secrets in Cybersecurity.
- 44% of NHI tokens are exposed in the wild, being sent or stored over platforms like Teams, Jira tickets, Confluence pages, and code commits.
A question worth separating out:
Q: Who should be accountable for recovery access during a cyber incident?
A: Accountability should sit with the team that owns continuity, IAM, and privileged operations together, not with a single silo. Recovery access must be pre-approved, time-bound, and auditable, because the organisation needs speed without losing control. That is especially important in regulated healthcare environments where restoration decisions affect service safety.
👉 Read our full editorial: Minimum viable recovery readiness defines healthcare resilience