M.1 Emergency Response Continuity of Operations Plan

M.1 Emrgncy Rspons Continuity of Oprations Plan

Atna Bttr Halth Bttr Halth, Inc. s Businss Continuity Program Dscription (Updatd Jun 2011) 1

1.0 INTRODUCTION Tabl of Contnts 1.1 PURPOSE 1.2 SCOPE OF BUSINESS CONTINUITY AND DISASTER RECOVERY 1.3 RISK MANAGEMENT 1.4 ASSUMPTIONS Scnario On - "Systms OK, No Building" Scnario Two - "Building OK, No Systms" Scnario Thr - "Third Party Businss Associat Out" Scnario Four - "Svr Wid Sprad Staffing Shortag" 2.0 GENERAL BUSINESS CONTINUITY PROGRAM AND PLANS 2.1 CRISIS EVENT RESPONSE PLAN 2.2 BUSINESS CONTINUITY PLAN 2.3 ESSENTIAL FUNCTIONS AND CORE SYSTEMS 2.4 COMMUNICATIONS 2.5 DISASTER BACKUP AND RECOVERY PLAN 2.6 OTHER SUPPORTING PLANS 3.0 PLAN MAINTENANCE & TESTING 2

1.0 INTRODUCTION In kping with Atna Bttr Halth s commitmnt to provid th highst quality srvic to its customrs, Atna Bttr Halth has dvlopd a comprhnsiv approach to prpar for possibl disruptions to its critical businss oprations. This documnt summarizs Atna Bttr Halth s Businss Continuity Program (Program), stablishd to minimiz th impact to critical businss procsss, rspond to disruptiv situations in an appropriat fashion, and provid dirction in rstoring th critical businss activitis back to normal opration as soon as possibl. Atna Bttr Halth s goal is to minimiz th potntial for a disruption and dcras th ffcts of a disruption on Atna Bttr Halth s infrastructur, oprations and customrs. Du to Atna Bttr Halth's concrn with providing unintrruptd quality customr srvic, th Program outlins th critical businss procsss and discusss th stratgis to provid for th continuation of critical srvics. Th Program is mandatd and supportd by Atna Bttr Halth s Board of Dirctors. This commitmnt was rnwd by th Chairman s corporat initiativ of January 2001. Th plans ar structurd such that all lvls of managmnt ar ngagd in th procss commnsurat with th svrity of vnts. Figur 1.0 is an illustration of Atna Bttr Halth s Crisis Rspons Emrgncy Organization idntifying th various ntitis within Atna Bttr Halth that ar xpctd to ngag in th vnt of a Crisis. 1.1 Purpos Th purpos of th Program is to: Provid ladrship and dirction so that Atna Bttr Halth can appropriatly manag and rspond to businss disruptions or potntial businss disruptions including a pandmic outbrak. Assss and idntify th risks and impacts to critical businss procsss; Establish procdurs to promptly rcovr rquird lctronic and hard copy data; Crat th infrastructur and action rquird to nabl critical businss procsss to continu with minimal impact to Atna Bttr Halth s customrs; and Rstor normal businss oprations onc th disruptiv vnt has bn rsolvd. Th purpos of this documnt is to provid intrstd partis with a summary of Businss Continuity Planning at Atna Bttr Halth, th scop of th plans that ar in plac and a high-lvl viw of th rcovry stratgy. 1.2 Scop of Businss Continuity and Disastr Rcovry Th Program s ky contributors ar snior managmnt, businss unit hads, lgal, facility srvics, and Atna Bttr Halth Information Srvics. Th Program is intndd to addrss a broad rang of potntially disruptiv vnts to protct a wid rang of constitunt srvics. Businss continuity includs a varity of plans: 1) Businss Continuity Plans for work units whr Atna Bttr Halth critical businss is prformd; 3

2) Disastr Back Up and Rcovry Plans (maintaind and nactd by Atna Bttr Halth Information Srvics); and 3) Crisis Evnt Managmnt Plans for ky corporat functions and for ach Atna Bttr Halth facility. 1.3 Risk Managmnt Th Program ovrsight procss is dsignd to minimiz th potntial impact of risks that businsss fac. Atna Bttr Halth, lik most companis, is suscptibl to fiv gnral aras of risk: loss of adquat staffing lvls du to pandmic outbrak or othr caus, loss of connctivity (including tlcommunications and ntwork), loss of facilitis (including loss of utilitis), loss of critical systms or data, and failur of critical third party srvics. Within ach ara of risk, thr ar varying lvls of potntial loss that could rsult. Disruptions in any of ths fiv aras can caus financial loss, rgulatory complianc issus, srvic lvl dgradation and/or loss of rputation. Atna Bttr Halth has workd to rduc or mitigat risks through th following fforts: Obtaining altrnat powr supplis or gnrators in various Atna Bttr Halth facilitis; Hardning of Atna Bttr Halth s primary and backup computr cntrs; Using physical scurity guards, survillanc and accss control quipmnt to monitor and control accss to Atna Bttr Halth facilitis and rcovry sits; Employing contractd rcovry srvics to supplmnt in-hous rcovry rsourcs, to support LAN procssing in th vnt of a disruption; and Phasing in th us of rmot rplication tchnologis to nhanc availability and rcovrability of systms and data to support critical businss procsss. 1.4 Assumptions Atna Bttr Halth s Businss Continuity Plans (BCP) ar basd on four basic scnarios for which planning solutions ar dsignd. Thy includ: 1. Scnario On Systms OK, No Building This scnario assums th total loss of th building and all its contnts in which on or mor critical oprations ar locatd. Loss of an Atna Bttr Halth facility whr critical work is prformd for a priod of 8 wks or gratr, but whr othr Atna Bttr Halth locations and businss associats ar unaffctd. In this cas BCPs ar dsignd to ract as follows: A cascad of altrnat offic call or altrnat offic procssing stratgis and solutions will nabl calls, claims and othr critical functions to b transfrrd to othr Atna Bttr Halth facilitis. 4

Spac will b availabl for affctd critical work groups at othr Atna Bttr Halth facilitis in 1-2 days to b augmntd if ncssary to a national hot sit in 1-2 wks. A significant prcntag of in offic critical workrs can b transitiond to Tlwork. Nw spac and limitd connctivity (voic and data) will b obtaind locally at a rat of about 200 work stations pr wk in th local markt. Prsonnl ndd to nact th Businss Continuity Plan ar availabl and can rspond for localizd disastr in short ordr, and would b availabl in on wk following a wid sprad disastr such as a dvastating hurrican or arthquak. Papr fils and any critical quipmnt stord within th building may b dstroyd. Howvr, locations containing critical documnts ar idntifid and in th vnt critical documnts ar not dstroyd, accss to th building will b allowd to rtriv thm. Rtrival of archivd documntation is succssful. 2. Scnario Two Building OK, No Systms This scnario assums th loss of systms ovr th ntir ntrpris with limitd xcptions. In cass whr th loss of systms is isolatd to a particular building location, rcovry will b attmptd on a cas by cas basis. Exampls includ ntworking hardwar/softwar malfunctions or loss of LAN or ntwork carrirs. In rspons to No Systms, BCPs ar dsignd to: Work around th loss of applications, systms, and srvics such as -mail until srvic is rstord at th backup data cntr. Full functionality and connctivity will b rstord within statd DBAR Rcovry Tim Objctivs (RTO) from th tim a disastr is dclard. Wb srvrs, mirrord srvrs usd for Pharmacy applications would xprinc only a short (fw hours) disruption at most. Rcovr from th loss of critical data for up to a maximum of 24 hours. 3. Scnario Thr Third Party Businss Associat Out This scnario assums loss of a critical third party srvics, data and/or connctivity for up to Rcovry Timframs idntifid in th vndr contracts. Contracts ar structurd such that any critical Atna Bttr Halth businss associat is rquird to mt or xcd Atna Bttr Halth s intrnal rcovry standards. Any altrnat vndor procssing stratgis hav also bn put in plac to rsum critical srvics procssing within rquird tim frams. 4. Scnario Four Svr Wid-Sprad Staffing Shortag This scnario assums staffing shortags as a rsult of a rgional or global Pandmic, Bio- Trrorism or similar vnt occurring simultanously at many random Atna Bttr Halth Sits, to varying dgrs of svrity and for a priod of btwn 6-8 wks at a tim, and whr 2-3 wavs ar possibl ovr an 18 month priod. 5

Absntism up to 40% for a 6-8 wk priod du to sicknss, anxity, caring for sick family mmbrs, day car or ldr car disruptions, or simply du to a lack of transportation. Quarantin or Isolation World, Fdral, Stat and local Halth Dpartmnts may shutdown non ssntial businsss in a particular ara in incipint cass. Emrgncy Staffing Atna Bttr Halth or th local halth agncy may dcid to implmnt an Emrgncy Staffing mod of opration, whr only critical staff will b allowd to com to a spcific sit and all othr staff snt to work at hom if possibl, or b idld if no ability to work at hom. Supplirs Impact may b xprincd from third party domstic and/or offshor supplirs whr oprations may b dgradd or intrruptd dpnding on thir lvl of prpardnss and/or that of th host country. Mail and Parcl dlivris and E-Commrc may b stoppd or slowd in local or rgional aras. Essntial Srvics Mass transportation availability of ful, food and ssntial supplis may impact an mploy s ability to com to work and ability for supply chains to maintain dlivry flow. 6

Figur 1.0 Atna Bttr Halth s Crisis Rspons Emrgncy Organization CERT - Evnt Coordinator A I S R E S & S c T r a v l & P r o c B C P T a m H R L g a l & R g S a f t Y E n v N M S H M G Sit - Businss Lad* * - Partnrd with Proprty Managmnt and Scurity for Hom Offic and Campus Facilitis C A L L S C L A I M S P M / U M H R C G & A U N D W R I S A L E S R E S C o m m s A I S Incidnt Commandr E M g m n t H a l t h G a s A m b E l c t P h o n W a t r F i r P o l i c H o s p C o m m s DBAR - PM N t w o r k T l c o m m s D s k t o p V n d r s N O C L A N C n t r s H l p D s k A p p S u p p t A T & T M C I I n f r a s t r u c Human Rsourcs Chif of Staff to Chairman/CEO Prsidnt (Businss Oprations) Chif Financial Officr (Financ) AIS Chif Mdical Officr (Mdical Svcs) Chairman/CEO & Dircts Board Rcovry Sit Managr C A L L S C L A I M S P M / U M H R M C M / C C R U N D W R I S A L E S F a c i l s C o m m s A I S Excutiv Corporat Businss Aras with BCPs Stat / Municipal AIS Extrnal / Privat Agncy Sit Managmnt Lgnd Communications P S S 06/02/2008 Hom Offic Fild Offic, HO or Campus P S S Hom Offic Colonial Room Middltown Campus/Data Cntr Rcovry Sit(s) Command Cntr Command Cntr ERT - CEO Lgal/Rgulatory Non Atna Rspondrs F I n a n c I M / L C P Communications & Coordination Dpt. Lvl BCPs ERT/CERT Liaison Had of TMS R d C R H a l t h O p s 7 CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL

2.0 GENERAL BUSINESS CONTINUITY PROGRAM AND PLANS Atna Bttr Halth, Inc. and its affiliats, ach hav thir own businss continuity, crisis managmnt, and disastr rcovry plans, in addition to and sparat from th corporat plans, in support of localizd oprations and rsourcs. Ths plans addrss mrgncy procdurs that attmpt to minimiz th impact on halth and safty of mploys, customr srvic, financial standing and rputation. Our program is comprisd of thr componnt plans which ar dsignd to support and complmnt on anothr. Ths plans ar th Crisis Managmnt Plan, Businss Continuity Plan (BCP), and Disastr Backup and Rcovry Plan (DBAR). Th purpos of Atna Bttr Halth s Crisis Managmnt Plan is to nsur that protctiv actions ar quickly implmntd for th occupants of th buildings affctd and to nsur activitis such as damag mitigation, salvag, communications and dcision-making ar initiatd. Th Crisis Managmnt Plan invoks appropriat lmnts of th DBAR and/or BCPs as rquird. Th Crisis Managmnt Plan dircts th affctd sit and hom offic rspons, and also coordinats with all othr plans. Th purpos of Atna Bttr Halth s BCP is to nsur impactd critical businss aras rciv th highst priority for rcovring thir function within stablishd rcovry tim objctivs. Th BCPs contain tam rostrs, contact numbrs, rcovry stratgis as wll as altrnat sit rsourc rquirmnts. Thy dirct ach businss continuity tam in th rcovry of thir most critical businss procsss. Th purpos of th Disastr Backup and Rcovry Plan is to nsur that all critical IT infrastructur, systms, data, and ntworks ar rcovrd commnsurat with th objctivs of th DBAR plan. Atna Bttr Halth also maintains othr plans which support th Businss Continuity Program and ar dsignd to nsur appropriat scurity masurs ar takn in rspons to spcific thrats, nsur communications ar clar and consistnt, and nsur any nvironmntal or safty concrns that mrg ar addrssd. An illustration of Atna Bttr Halth s ovr all approach in avoiding, mitigating or rsponding to all vnts that can advrsly affct Atna Bttr Halth s Businss Oprations is dpictd in Figur 2.0: 8

Figur 2.0 Atna Bttr Halth s Evnt Avoidanc, Mitigation and Rspons Stratgy Businss Continuity Program Avoidanc - Fir Supprssion - Scurity (Physical & IT) - Gnrators - Proprty Slction - Fir Wall Virus Protction Businss Continuity Planning Mitigation Programs - Rcords Managmnt - Work at Hom program - Lgal & Complianc - Risk Managmnt DBAR Evnt Managmnt Plans Businss Continuity Plans Supporting Dpartmnt Procdurs & Policis Scurity - Systm and Application Rcovry - Tlcommunications / Connctivity - Dsktops - Data/Data Cntr - Distributd Systms - LAN Cntrs - Rcovry Managmnt - Excutiv Managmnt - Situations Assssmnts - Information Assssmnt - Information Gathring - Notification / Plan Activation Flow - Rsourc Mobilization - Rspons Procdurs - Rcovry stratgis - Rsourc rquirmnts - Rcovry Procdurs - Rstoration Procdurs - Coordination Issus - Supporting Information Safty Environmntal - Building Failur Procdurs - Lif Safty Issus - Environmntal Standards - Scurity procdurs - Scurity Fild Emrgncy Rspons 9

2.1 Crisis Evnt Rspons Tam Atna Bttr Halth has stablishd a Crisis Evnt Rspons Tam (CERT) to assur ladrship and dcision-making during any potntially disruptiv vnts. Th CERT's primary dirctivs ar to: Rapidly assss situations, vnts and infrastructur issus (intrnal and xtrnal); Appropriatly rspond to vnts to minimiz disruption and nabl rapid rcovry of critical businss functions; Provid timly communications to Atna Bttr Halth mploys, critical third partis, customrs and th public; and Appropriatly monitor and adjust to ongoing vnts and implmnt ffctiv action. Atna Bttr Halth s CERT compriss of managrs and profssional staff from various aras of th Company including fild offics. Th CERT has th rsponsibility, authority and sufficint bradth and dpth of knowldg to ffctivly advis snior xcutivs on appropriat courss of action. CERT mmbrs ar chosn bcaus thy can ffctivly analyz availabl information; undrstand th potntial impact of a disruption to Atna Bttr Halth, its infrastructur and its customrs; and timly mak problm-solving dcisions. Th CERT will gathr at th pr-dtrmind command cntr locations and bgin thir dcision-making procss aftr rciving notification of a potntial thrat. Spcifically, this tam is rsponsibl for: Ensuring th safty and wlfar of mploys; Activation of appropriat Fild and Hom Offic Evnt Rspons prsonnl; Rqusting assistanc from local disastr authoritis; Coordinating th activitis of prsonnl during a disastr; Dciding whn to nact or cas activation of th businss continuity plans; Srving as th cntral sourc for data and information about th vnt; Making dcisions about th Company s rspons; Coordinating communication rsponss to Customrs, Plan Sponsors, Mmbrs, Providr Ntworks, Employs, Critical Third Partis, mdia and th public; Coordinating and communicating with all appropriat jurisdictional rgulatory ntitis such as Insuranc Dpartmnts; Modifying mmbr and plan sponsor policy as ncssary for rgional or national disastrs; Assssing availability of staff and possibl transportation nds; Mobilizing support from all aras to assist in prompt rcovry; and Initiating facility rcovry and r-ntry procss. 10

2.2 Businss Continuity Plan (BCP) Atna Bttr Halth s most critical businss aras ar protctd by BCPs customizd to th ara of opration, and also subjct to th Crisis Managmnt Plan and DBAR. Oprating Division Managrs from ach critical businss ara ar rsponsibl for crating and maintaining thir BCP. Th Oprating Division Managrs ar xcutiv managmnt prsonnl slctd for thir knowldg of thir businss unit and ladrship abilitis. In th vnt of a disastr, th businss aras will provid information to th CERT, which may activat th continuity plans as appropriat. In th vnt a disastr is dclard, th businss unit continuity tam will work undr th gnral dirction of th CERT to implmnt rcovry procdurs and rstor businss procsss. Businss unit continuity tams ar rsponsibl for th following activitis: Crat and maintain a tam to addrss rcovry procdur and ach mmbr of th tam must hav currnt contact information for othr mmbrs of th tam; Establish a communications and plan rollout training with tam mmbrs; Excut rcovry procdurs upon an vnt managr s rqust; Allocat work to othr Atna Bttr Halth offics, if rquird; Slct and transition critical staff to bcom tmporary tlworkrs; Expand procssing capacity by ngaging contingnt workrs, xtndd work hours and through invoking 3 rd party contract provisions; Invok Altrnat Oprating Modls; Rlocat to an altrnat sit, if rquird; Initiat work arounds, if rquird; Kp CERT informd of status and rsourc nds; Manag th rstoration of th businss onc th rcovry priod nds; and Hlp maintain, updat, tst and continuously improv th BCP on a rgular basis undr th guidanc of Corp BCP Tam. Each BCP: Contains contact information for BCP Rspons Tam mmbrs; Itmizs th quipmnt nds and spcial rquirmnts of th businss units to rsum critical procsss; Idntifis an altrnat sit in which to rlocat and rquirmnts to mak that sit oprational; Contains contact information for consultants and vndors that may b of assistanc; Contains contact information for critical contacts within Atna Bttr Halth; Contains stps to rtriv businss critical documntation; Includs critical data and voic communications rquirmnts and a listing of all incoming and outgoing tlphon numbrs, spcifics about thir associatd circuits, hours of opration and circuit typ; Contains lists of tchnical hardwar/softwar rquirmnts ndd for work groups to bcom oprational at an altrnat sit; Documnts critical computr applications and thir associatd priority for rcovry; Idntifis critical functions prformd at th facility and lists job titls and phon numbrs of mploys; 11

Documnts rquird manuals, forms and othr critical documntation; Idntifis any spcial oprating procdurs; and Contains a list of manual oprating procdurs, if ndd. Atna Bttr Halth's BCP stratgy is to activat ach BCP tam within th affctd offic and coordinat thir nds and prioritis with th CERT and DBAR tams. Th plans lvrag Atna Bttr Halth s ntrpris-wid rsourcs and nsur priority is givn to th appropriat group, applications and rsourc nds. Aftr businss is disruptd, fforts will b mad to r-rout customr srvic to othr Atna Bttr Halth call cntrs, Atna Bttr Halth Navigator or a national Voic Rspons Unit. Damag will b assssd and an initial Estimatd Tim for Rcovry dvlopd. Dcisions will b mad as to which rcovry stratgy to nact. Calls will b rstord to th normal businss units onc mploys ar rturnd to th facility or rlocatd to an altrnat sit. Work arounds, r-allocation of work and work at hom ar all viabl rcovry stratgis and will b considrd and utilizd as appropriat. Third party vndors such as imaging, mail or publishing vndors that support Atna Bttr Halth s critical procsss ar rquird to hav thir own BCP. Vndor plans ar rviwd for thir ability to mt individual unit rcovry tim objctivs. 2.3 Essntial Functions and Cor Systms Atna Bttr Halth Bttr Halth, togthr with its affiliats, maintain a dtaild businss continuity program with ovr 300 sit spcific plans to addrss its critical businss work group oprations. In th vnt of an offic outag, procssing is transfrrd to othr offics within Atna Bttr Halth Bttr Halth s ntwork with littl or no disruption to srvic lvls. Atna Bttr Halth considrs th following oprational and IT systms ssntial in trms of businss continuity: Cor Systms Claims Eligibility Enrollmnt Atna Bttr Halth Bttr Halth Intrnt Wbsit Oprational Systm Call Cntrs Rgardlss of th typ and xtnt of a disruption, ach functional ara involvd in cor systm or oprational functions has dvlopd its own procdurs to continu th dlivry of srvic until rcovry has bn attaind. Each ky mploy,.g., Chif Excutiv Officr, xcutiv managmnt, oprating division managrs and othr ladrs ssntial to mission critical procsss, rciv spcific rols and rsponsibilitis prtaining to BCP/DBAR/CMP as applicabl. Ths ar summarizd blow: 12

Chif Excutiv Officr (and/or dlgat) Ensur rsourcs ar assignd to dvlop, maintain and tst plans critical to your mission critical businss procsss Whnvr plan is nactd, attnd and Chair BCP/DBAR/CMP mtings to provid dirct ovrsight of xcutiv managmnt and dpartmnt lvl dcisions and rsourc utilization Hold rgular brifings with xcutiv managmnt rgarding dpartmntal BCP/DBAR mod of oprations Whnvr plan is nactd, rqust rgular brifings and situation rports on status of dpartmnt actions and issus Ensur a dpartmnt lvl plan is cratd for ach functional unit and cor businss procsss, including assignmnt of a dpartmnt lvl coordinator who is traind on th spcifics of th BCP/DBAR and can nsur continuity of oprations accordingly. Oprating Division Managrs Ensur rsourcs ar assignd to dvlop, maintain and tst plans that support Highly Critical businss procsss Provid managmnt dcision support & communications to all BCP/DBAR/CMP tams Bcom familiar with your assignd plans BCP/DBAR/CMP Plan ownrs prform annual rviw and sign off of all plan lmnts Notify BCP/DBAR/CMP Tams whn plan movs to anothr sit or is canclld or whn nw BCP Coordinators ar assignd B fully awar of pandmic challngs and prpar yourslvs and your familis to minimiz th impact of a pandmic and maximiz your availability to prform your mrgncy rol Commit to th govrnanc structur that will b rquird to manag your ara during a pandmic Ensur dpartmntal pandmic and natural disastr rcovry stratgis ar viabl and rady to b xcutd to nsur businss continuity B fully awar of any intrfac changs in oprating rlationships rquird with intrnal partnrs as wll as with 3 rd party supplirs Rdirct rsourcs to bolstr critical aras and rinforc any Atna Bttr Halth Bttr Halth mrgncy, natural disastr or pandmic rlatd policis and xpctations Provid ovrsight and communications on bhalf of or dirctly to th Chif Excutiv Officr or his/hr dlgat rgarding all xcutiv managmnt dcision support & communications with all BCP/DBAR/CMP tams Coordinat th activitis ndd to maintain and improv ach sgmnt or dpartmnts BCP/DBAR/CMP plans Rport and idntify any potntial chang of status rgarding th BCP/DBAR/CMP plans to th CEO or dlgat immdiatly of th chang and ffctiv dat Ensur dpartmnt lvl BCP/DBAR/CMP ar rviwd by Chif Excutiv Officr or his/hr dlgat and up to dat 13

Ensur th dpartmnt maintains BCP/DBAR/CMP plan radinss by rolling out and tsting thir plans and rcovry stratgis Tam Ladrs Call Ladrs Rspond to th initial occurrnc of a disastr and nact your BCP/DBAR/CMP and lad your BCP/DBAR/CMP tams in th vnt of businss disruption du to a natural disastr, pandmic or othr mrgncy Ensur your BCP/DBAR/CMP tam is notifid and activatd in accordanc with BCP/DBAR/CMP plans Notify and communicat your xcutiv managmnt tam Implmnt short- and long-trm stratgis for rcovring work procsss in accordanc with rcovry tim objctivs Rciv status and instructions from BCP/DBAR/CMP xcutiv managmnt Rport on BCP/DBAR/CMP tam status, barrirs to succss and rsourc nds to xcutiv managmnt and oprating division managrs Considr and includ intrdpndnt businss units within Atna Bttr Halth Bttr Halth divisions and xtrnal rlationships within Atna Bttr Halth Bttr Halth and th BCP/DBAR/CMP plans. Validat th BCP/DBAR/CMP plan to bttr nsur its succss Ensur all partis affctd by BCP/DBAR/CMP plan, within and outsid of th procss, ar awar of th BCP/DBAR/CMP plan and of th actions that will b takn in an mrgncy Updat, maintain and tst BCP/DBAR/CMP plans in accordanc with Atna Bttr Halth Bttr Halth standards Rgularly mt with BCP/DBAR/CMP tams to rviw and roll out BCP/DBAR/CMP plans and updats B fully awar of pandmic challngs and prpar yourslvs and your familis to minimiz th impact of a pandmic and maximiz your availability to prform your mrgncy rol Ensur radinss to xcut th pandmic rcovry stratgis and policis outlind in this plan Communicat and roll out to tam mmbrs th spcial pandmic xpctations and provisions outlind in BCP/DBAR/CMP plans Managing th post-disastr rcovry priod Administr transition back to th pr-disastr nvironmnt Ensur prpardnss and availability of th BCP/DBAR/CMP tam mmbrs to rspond to th disastr, st rcovry prioritis Evaluating nd for outsid support (.g. vndors, consultants tc.) and arranging for aid, as ncssary Calling tam mmbrs within your calling group Assisting th Tam Ladr as ndd to organiz th rcovry tam Following procdurs for rspons, rcovry and rstoration as rquird by th BCP/DBAR/CMP plans 14

B fully awar of pandmic challngs and prpar yourslvs and your familis to minimiz th impact of a pandmic and maximiz your availability to prform your mrgncy rol. Tam Mmbrs/all othr staff Following dirctions from Tam Ladr, Call Ladrs, Oprating Division Managrs, Excutiv Managmnt and th C.E.O. and his/hr dlgat Assisting Tam and Call Ladrs, and othr xcutiv managmnt to mt rspons, rcovry and rstoration objctivs by following th BCP/DBAR/CMP procdurs B fully awar of pandmic challngs and prpar yourslvs and your familis to minimiz th impact of a pandmic and maximiz your availability to prform your mrgncy rol. Information Systms Ky Staff Function Dirctor, Systms Information Brif Dscription Provids ovrsight to disastr rcovry procdurs and suprviss individual IT groups as thy xcut thir disastr rcovry dsktops. Also rsponsibl for coordination across th IT dpartmnts, answring qustions as thy aris, communicating progrss to th CIO, and procuring additional quipmnt as ndd. Rcovry Coordinator Effort Rsponsibl for assisting in ovrsight of disastr rcovry procdurs as th disastr rcovry plan is xcutd. Also rsponsibl for coordinating and rsolving issus and qustions, monitoring and tracking task chcklists, and providing status updats to th managmnt tam. Tlcommunications Rsponsibl for routing all ncssary call cntr phon numbrs, fax numbrs, and xtrnal partnrs voic capabilitis as ndd. Th Tlcommunications group is rsponsibl for nsuring that mmbr and providr calls ar routd appropriatly to allow for timly call rspons and call tracking. 15

Function Tchnical Srvics Brif Dscription Th Tchnical Srvics group is rsponsibl for nsuring that ncssary workstations ar built and dployd using th standard Mdicaid Businss Unit configuration. Thy ar also rsponsibl for othr tchnical infrastructur rlatd tasks including; pointing applications to nw locations, assisting with printr and fax issus, and othr nd-usr tchnical issus. Ntwork Enginring Databas Administration This group is rsponsibl for nsuring that LAN and WAN capabilitis ar availabl and othr tchnical infrastructur rlatd tasks including; Intrnt accss, rstoring th Exchang srvrs for - mail, fil transfrs, any nd-usr connctivity issus, and configuring srvrs procurd for long-trm disastr rcovry support. This group is rsponsibl for making sur that all application databass ar fully rstord and ar rady for nd usr us. Thy ar also rsponsibl for monitoring th rstord databass to nsur propr prformanc and us, nsuring offsit mdia arrangmnts ar complt, maintaining daily log shipping to th DRP Hot Sit srvrs, and that propr data rtntion policis ar dfind and followd. Oprations This group is rsponsibl for nsuring that rgularly schduld batch jobs ar proprly xcutd onc th applications hav bn rstord. This includs batch activitis such as mass claim adjudication and crating th mmbrship card fils. This group is also rsponsibl for maintaining th DRP Hot Sit bin contnts nsuring th contnts ar currnt and th bin is scurd. Application Managmnt This group is rsponsibl for nsuring that th applications hav bn succssfully rstord by th Information Systms tam. This includs nsuring that th applications ar functioning (may rquir rinstalling application softwar), th databass ar succssfully rstord to th appropriat dat, and prforming final validation on faturs and functions bfor rlasing th applications for businss us. This group will also b rsponsibl for answring applicationrlatd qustions onc th applications ar rlasd to th businss usrs. 16

2.4 Communications Communication with Employs In th vnt th Businss Continuity Program and its rlatd plans,.g., CMP, DBAR ar implmntd, staff is alrtd that th plan is implmntd and that a data cntr rcovry ffort has bn officially activatd. Staff is alrtd via a tlphon call, kping a rcord of individuals contactd or rquird subsqunt follow-up calls. Dsignatd staff (i.. first lin contact staff or thir back-ups) is instructd not to spak with or shar any information with any prson othr than th Atna Bttr Halth mploy and for quality assuranc rasons, ar rquird to utiliz a tlphon script, similar to th on providd blow, in thir tlphon outrach fforts to Atna Bttr Halth mploys: 1. If contact is mad, say "MAY I SPEAK WITH (Individual)?", and thn provid th following information: - Brif dscription of th problm - Location of th BCP tam mting location: Phon numbr to call into: - Action rquird - Inform prsonnl to mak no public statmnt rgarding th situation 2. If not availabl, - Say "WHERE MAY I REACH (Individual)"? - If at any location othr than work, gt phon numbr, mak call and provid th information in itm #1. - If individual is at work, indicat you will rach th individual at work. 3. If no answr or contact: - Priodically rcall, until contact is mad. 4. Rport to managmnt whn all contacts hav bn compltd along with xpctd on-sit arrival tims for unit rcovry tam mmbrs. Atna Bttr Halth also communicats with staff via its Xtrant and provids disastr rlatd information on this sit. Th Xtrant is an Intrnt wb portal that allows Atna Bttr Halth mploys to scurly accss many of Atna Bttr Halth s intrnal systms and applications from thir hom PCs through thir prsonal intrnt srvic providr. Basic faturs includ accss to - mail and calndar facilitis, and advancd faturs, dpnding on mploy s scurity claranc and functions, includ accss to Atna Bttr halth s host systms, Intrant and Ntwork Shars dirctoris. Othr bnfits for mploys includ: - No clint softwar, or configuration changs ar rquird. - Th traffic btwn th mploy s browsr and Atna Bttr Halth's srvics ar ncryptd. 17

- "Strong Authntication" is usd to for Xtrant Advancd Faturs to accuratly idntify usrs and scur Atna Bttr Halth s facilitis. Atna Bttr Halth and mploys do not incur potntial long-distanc phon chargs by dialing into ntworks dirctly. All Atna Bttr Halth mploys can gain accss to th Xtrant with thir ntwork ID and password. No additional Ids, scurity authorization or managmnt approval is rquird. W hop you will tak advantag of this srvic, and find it usful. Plas ncourag your co-workrs to also utiliz Xtrant. Communication with Vndors Atna Bttr Halth has numrous xtrnal partnr rlationships that provid ssntial srvics and applications. As part of its subcontract with ths vndors, ach vndor is rsponsibl for having thir own Disastr Rcovry Plans to nsur rstoration of th critical application srvic. As statd arlir, Atna Bttr Halth dsignats Rlationship Managrs who ar rsponsibl for contracting and ovrsing th rlationship of thir assignd supplir to nsur cor businss functions continu as rquird and in accordanc with th contractual rquirmnts. Th Rlationship Managr is th dsignatd individual to stablish contact with vndors and supplirs in th vnt of an Atna Bttr Halth local or corporat outag affcting th supplir s contractual obligations to Atna Bttr Halth. Supplirs ar contactd via svral mchanisms, i.. tlphon and lctronic mail, and may also rciv important information from Atna Bttr Halth in th sam mannr as information dissminatd to providrs and mmbrs,.g., through Atna Bttr Halth s Intrnt wbsit, mdia outlts, and/or through phon rcordd mssags. 2.5 Disastr Backup and Rcovry Plan Anothr ky lmnt to th ovrall Businss Continuity stratgy is th Disastr Backup and Rcovry Plan (DBAR). Th DBAR: Activats th DBAR rcovry tams; Rcovrs dsktop systms and phons; Rcovrs LAN and WAN connctivity; Rcovrs critical sit applications, data and -mail; Rcovrs corporat data cntr applications, data and procssing; Rcovrs PBX and tlcommunications infrastructur; Ensur th timly switching of calls to othr Atna Bttr Halth offics; Supports rlocation stratgis with dsktops and phon srvic; Optimizs altrnat work capabilitis for ffctd Atna Bttr Halth prsonnl aftr an vnt. Atna Bttr Halth's disastr backup and rcovry stratgy is to provid and maintain an intrnal disastr rcovry capability. Th DBAR lvrags Atna Bttr Halth's intrnal computr procssing capacity of its two larg computr cntrs, locatd in Conncticut. Th DBAR is dsignd to utiliz xisting hardwar in rcovry of Atna Bttr Halth s critical systms. Atna Bttr Halth has also contractd with an xtrnal hot sit vndor to support rcovry of som critical systms and has also contractd with major national vndors to obtain rplacmnt quipmnt. 18

DBAR documnts th stratgy, systms, procss and rsourcs ndd to rcovr th ntwork, mainfram, windows and midrang systms. Th DBAR includ information on contact and mobilization of critical staff and ky managmnt prsonnl who hav th authority to invok th plan and th tchnical knowldg to support th rcovry. Th DBAR also provid chcklists of milstons for monitoring th stps and squnc of critical rcovry tasks that nd to b followd in ordr to rcovr from a data cntr disastr. Th DBAR also includ any support information that might b ndd such, as vndor contact lists. Individual computr application rcovry plans, documnt tchnical and managmnt contacts, invntory of applications, synchronization of intgratd systms, and validation procdurs. Th plans ar maintaind routinly and utiliz automatd rcovry procsss to nsur appropriat data idntification and timly rcovry. Plans ar vrifid through priodic walk-through, limitd tsting and data invntory rviws. Atna Bttr Halth s tlcommunications vndors hav thir own disastr rcovry plans in ffct. Tlphon calls normally rcivd by th affctd sit ar first routd to othr offics in th vnt of disastr. Atna Bttr Halth maintains and implmnts ongoing nhancmnts to disastr rcovry plans, procdurs, and tsting to insur thir radinss in cas of a major disastr. Each srvic cntr has back-up facilitis should a disastr, such as a fir or arthquak, occur. Our nationwid, intgratd claims procssing systm nabls any othr srvic cntr in th country to provid computr back up in an mrgncy If a computr failur occurs, systm nginrs working on-sit will mak th ncssary adjustmnts. If th ncssary adjustmnts will b tim consuming, w will xchang th failing computr with anothr computr from our tst systms or spar quipmnt invntory. In th vnt of a failur in th Middltown data cntr, back up is availabl in othr company facilitis. Our claim systm faturs an unintrruptd powr supply systm backd up with gnrator powr, which rsponds within fiv sconds of any powr failur. 2.6 Othr Supporting Plans Th Businss Continuity Program is supportd by svral othr dpartmnt contingncy procdurs within Atna Bttr Halth. Ths plans, such as th Corporat Safty & Environmntal Plan as wll as Spcific Situation Scurity Plans and Ral Estat Rcovry Plans which provid a basis for cration and monitoring of tmporary workspac as wll as critria for r-occupancy. 19

3.0 Plan Maintnanc & Tsting Atna Bttr Halth s Businss Continuity Program has an activ simulation xrcis, tsting and maintnanc procss in plac dsignd to train tam mmbrs and to captur gaps and changs to th businss it is built to protct. Th plans ar rviwd at various intrvals on a rgular basis to confirm that all of th major plan componnts, from th up-front basic assumptions to th mmbrs of th businss unit continuity tams, rmain currnt. For furthr information, plas contact Dan Aloi, Had of Businss Continuity Srvics at 860-636- 5968. 20

AETNA INFORMATION SYSTEMS AETNA MEDICAID BUSINESS UNIT DISASTER RECOVERY PLAN Plan Ownr: Trry Nwman Latst Rvision: Dcmbr 2010 AETNA CONFIDENTIAL Do not dissminat outsid of Atna, Inc. 21

AETNA MEDICAID BUSINESS UNIT TABLE OF CONTENTS SECTION: A. INTRODUCTION... 3 Introduction... 3 Dscription... 3 Plan Assumptions... 3 Primary Objctivs... 3 B. EMPLOYEE CALL LIST... 5 C. ROLES & RESPONSIBILITES... 8 D. RESOURCE REQUIREMENTS... 10 E. RECOVERY PROCEDURES... 11 F. VENDOR CONTACT LIST... 14 G. RESTORATION (GO BACK) PROCEDURES... 16 I. SUPPORTING INFORMATION... 18 APPENDIX A: RECORD OF CHANGES... 20 APPENDIX B: DRIVING DIRECTIONS... 21 AETNA CONFIDENTIAL 2 Do not dissminat outsid of Atna, Inc. 22

Introduction AETNA MEDICAID BUSINESS UNIT A. INTRODUCTION This documnt is th Disastr Rcovry plan for AETNA MEDICAID BUSINESS UNIT (AMBU). Th information prsnt in this plan guids managmnt and tchnical staff in th rcovry of AETNA MEDICAID BUSINESS UNIT s critical systm oprations in th vnt that a disastr disabls or dstroys its Cotton Cntr Data Cntr. Dscription This rcovry plan is composd of a numbr of sctions that documnt rsourcs and procdurs to b usd in a disastr vnt at AETNA MEDICAID BUSINESS Unit s Cotton Cntr Data Cntr. This plan is availabl via th Disastr Rcovry Planning Srvics wbsit undr th Rcovry Plans link on th lft sid of th hom pag. Plan Assumptions Th individuals that would b rcovring AETNA MEDICAID BUSINESS Unit s critical systm oprations must hav a dtaild working knowldg of th currnt infrastructur and application nvironmnt. AETNA MEDICAID BUSINESS UNIT s critical tir-on applications will b rcovrd in Atna s Windsor Data Cntr. AETNA MEDICAID BUSINESS UNIT s rmaining applications, othr than tiron, will b rcovrd in Atna s WCC utilizing Atna s HP Quickship agrmnt. Rcovry tim objctivs for tir-on applications ar 0-12 hrs; RTO for rmaining applications is 1-4 wks. Primary Objctivs This disastr rcovry plan has th following primary objctivs: 1. Provid intrnal contact information to alrt ky prsonnl at th tim of disastr. 2. Dfin th rols & rsponsibilitis within th dpartmnt that would b rquird to carry out th plan. 3. Idntify th quipmnt, procdurs, and th prsonnl xprtis that would b rquird to carry out th plan 4. Provid information concrning outsid vndors that will b rquird to carry out th plan (if applicabl) AETNA CONFIDENTIAL 3 Do not dissminat outsid of Atna, Inc. 23

5. Idntify th rstoration procdurs to rstor th srvic back to th primary sit. 6. Idntify th procss for maintaining th plan. AETNA CONFIDENTIAL 4 Do not dissminat outsid of Atna, Inc. 24

AETNA MEDICAID BUSINESS UNIT B. EMPLOYEE CALL LIST Immdiatly following a disastr, a plannd squnc of vnts bgins. Ky prsonnl ar notifid and rcovry tams ar groupd to implmnt th plan. NOTIFICATION SCRIPT Us this procdur to alrt staff whn a data cntr rcovry ffort has bn officially activatd. Plac calls kping a rcord of individuals contactd or rquiring subsqunt follow-up calls. Do not shar information rgarding th situation with anyon othr than th contact. 1. If contact is mad, say "MAY I SPEAK WITH (Individual)?", and thn provid th following information: - Brif dscription of th problm - Location of th Unit s mting location: 1830 N. 95th Av #100 Phonix, AZ 85037 Phon numbr to call into: Toll fr: 1-888-566-8440 Toll: 1-719-785-4400 Participant passcod: 938630 Modrator passcod: 9386301 - Action rquird - Inform prsonnl to mak no public statmnt rgarding th situation 2. If not availabl, - Say "WHERE MAY I REACH (Individual)"? - If at any location othr than work, gt phon numbr, mak call and provid th information in itm #1. - If individual is at work, indicat you will rach th individual at work. 3. If no answr or contact: - Priodically rcall, until contact is mad. 4. Rport to managmnt whn all contacts hav bn compltd along with xpctd on-sit arrival tims for unit rcovry tam mmbrs. ***Donats first lin of contact for mploy notification in th vnt of a ABH disastr dclaration. In th vnt, Trry Nwman is unavailabl; Michal Fltchr will b rsponsibl for contacting th appropriat individuals. AETNA CONFIDENTIAL 5 Do not dissminat outsid of Atna, Inc. 25

AETNA MEDICAID BUSINESS UNIT Call Tr List Employ Titl Work Hom Cll Trry Nwman** Systm Enginring Managr, Had of (602) 659-1232 AETNA DRPS Michal Fltchr** Projct Managr, Rcovry Effort (480) 985-2053 Coordinator Kurt Bahrs DR Tam Lad, Atna (860) 273-0581 Mg McCarthy CIO, Atna (860) 273-7354 Had of Atna Bob Losir Tchnology Mgt Srvics (860) 273-6900 Kvin Wicks Ntwork Mgr (602) 659-1218 David Hollis Oprations Mgr. (602) 659-1216 Kathy Schafr Tlcommunication s Suprvisor (602) 659-1211 Mik Symour Systm Analyst (602) 659-1234 Chris McGuir Linda Davis Infrastructur Spcialist Dsktop Support Spcialist On-call Ntwork Tch (602) 659-1229 (602) 453-8310 Jff Muhlhausn Nt. Enginr (602) 659-1217 On-call Ntwork Systms Carlos Gonzalz DBA Suprvisor (602) 377-8269 Lighann McCain Sr. SW Dv. (602) 659-1457 On-call DBA Saul Flors Job Schdulr (602) 659-1214 Ann Romr Grg Kraus Snior Tch. Mgr Production Srvics Snior Application Dvlopmnt Mgr (602) 659-1207 (602) 659-1230 Todd Cassl EDI (602) 659-1236 Paul Cavanaugh Application Dvlopmnt (602) 659-1237 Grg Kraus Rports (602) 659-1230 AETNA CONFIDENTIAL 6 Do not dissminat outsid of Atna, Inc. 26

Employ Titl Work Hom Cll Tim MacDonald Businss Srvics (602) 659-1262 Mlan Jons Businss Srvics (602) 659-1220 Max Foglsong Controls, Procsss and Administration 602-659-1239 AETNA CONFIDENTIAL 7 Do not dissminat outsid of Atna, Inc. 27

AETNA MEDICAID BUSINESS UNIT C. ROLES & RESPONSIBILITES This sction of th plan dscribs th various rols and rsponsibilitis within AETNA MEDICAID BUSINESS UNIT. Function Dirctor, Information Systms Rcovry Effort Coordinator Tlcommunications Tchnical Srvics Ntwork Enginring Brif Dscription Provids ovrsight to disastr rcovry procdurs and suprviss individual IT groups as thy xcut thir disastr rcovry dsktops. Also rsponsibl for coordination across th IT dpartmnts, answring qustions as thy aris, communicating progrss to th CIO, and procuring additional quipmnt as ndd. Rsponsibl for assisting in ovrsight of disastr rcovry procdurs as th disastr rcovry plan is xcutd. Also rsponsibl for coordinating and rsolving issus and qustions, monitoring and tracking task chcklists, and providing status updats to th managmnt tam. Rsponsibl for routing all ncssary call cntr phon numbrs, fax numbrs, and xtrnal partnrs voic capabilitis as ndd. Th Tlcommunications group is rsponsibl for nsuring that mmbr and providr calls ar routd appropriatly to allow for timly call rspons and call tracking. Th Tchnical Srvics group is rsponsibl for nsuring that ncssary workstations ar built and dployd using th standard Mdicaid Businss Unit configuration. Thy ar also rsponsibl for othr tchnical infrastructur rlatd tasks including; pointing applications to nw locations, assisting with printr and fax issus, and othr nd-usr tchnical issus. This group is rsponsibl for nsuring that LAN and WAN capabilitis ar availabl and othr tchnical infrastructur rlatd tasks including; Intrnt accss, rstoring th Exchang srvrs for -mail, fil transfrs, any nd-usr connctivity issus, and configuring srvrs procurd for long-trm disastr rcovry support. AETNA CONFIDENTIAL 8 Do not dissminat outsid of Atna, Inc. 28

Function Databas Administration Oprations Application Managmnt Brif Dscription This group is rsponsibl for making sur that all application databass ar fully rstord and ar rady for nd usr us. Thy ar also rsponsibl for monitoring th rstord databass to nsur propr prformanc and us, nsuring offsit mdia arrangmnts ar complt, maintaining daily log shipping to th DRP Hot Sit srvrs, and that propr data rtntion policis ar dfind and followd. This group is rsponsibl for nsuring that rgularly schduld batch jobs ar proprly xcutd onc th applications hav bn rstord. This includs batch activitis such as mass claim adjudication and crating th mmbrship card fils. This group is also rsponsibl for maintaining th DRP Hot Sit bin contnts nsuring th contnts ar currnt and th bin is scurd. This group is rsponsibl for nsuring that th applications hav bn succssfully rstord by th Information Systms tam. This includs nsuring that th applications ar functioning (may rquir rinstalling application softwar), th databass ar succssfully rstord to th appropriat dat, and prforming final validation on faturs and functions bfor rlasing th applications for businss us. This group will also b rsponsibl for answring applicationrlatd qustions onc th applications ar rlasd to th businss usrs. AETNA CONFIDENTIAL 9 Do not dissminat outsid of Atna, Inc. 29

AETNA MEDICAID BUSINESS UNIT D. RESOURCE REQUIREMENTS At th tim of disastr, ALL availabl AETNA MEDICAID BUSINESS UNIT IT staff will b rqustd to support th tam s rcovry rquirmnts. Hardwar will b quick shippd to Atna s WCC within 48 hours as statd in th HP Contract. Tap Backup Mdia (containing th most rcnt wkly, daily and monthly backups) is to b ordrd from Data Pro, Inc. and b dlivrd to a dsignatd location at th tim of DBAR dclaration. Th on sit shift schduls ar as following: Day 1 to Day 3 (72 Hours) Staff Rsourcs Rquird to Travl to CT for Tir On Shift 1 Mdicaid DBA, 1 NBU Tchnical Infrastructur Spcialist & Dirctor of IT, Windsor Sit Prsonnl AETNA MEDICAID BUSINESS UNIT rcnt backup taps; Quick shippd srvrs and tap library in Windsor sit 1st 1 Mdicaid DBA, 1 NBU Tchnical Infrastructur Spcialist & Dirctor of IT, Windsor Sit Prsonnl 1 Mdicaid DBA, 1 NBU Tchnical Infrastructur Spcialist & Dirctor of IT, Windsor Sit Prsonnl AETNA MEDICAID BUSINESS UNIT rcnt backup taps; Quick shippd srvrs and tap library in Windsor sit AETNA MEDICAID BUSINESS UNIT rcnt backup taps; Quick shippd srvrs and tap library in Windsor sit Day 4 and on Evryon in th AETNA MEDICAID BUSINESS UNIT IT Staff is rquird to b on sit at th Windsor Data Cntr as soon as possibl. Onc th hardwar is in plac (48 hours aftr contract activation) and th rstors ar undrway w will thn workout an altrnat work and shift schdul. 2nd 3rd AETNA CONFIDENTIAL 10 Do not dissminat outsid of Atna, Inc. 30

AETNA MEDICAID BUSINESS UNIT E. RECOVERY PROCEDURES Th following information dtails th various rcovry procdurs for AETNA MEDICAID BUSINESS UNIT in th vnt that thir Cotton Cntr Data Cntr has bn dstroyd. AETNA MEDICAID BUSINESS Unit s Ovrall Rcovry Stratgy Fil srvrs locatd at th Cotton Cntr datacntr ar backd up daily. Evry Thursday, full backup taps ar snt to DataPro, AETNA MEDICAID BUSINESS UNIT s Offsit Data Storag Vndor. Th offsit taps ar stord for 90 days and thn rcycld with th xcption of th last full backup of th month, which stays offsit for 7 yars. Incrmntal backups ar stord onsit for 90 days and thn rcycld. Databass ar backd up onc a day ithr with SQL transaction log backups or srvr dumps placd on a fil shar incorporatd into th fil srvr backup schdul. For Tir On applications, Atna s WCC databass utiliz an activ log shipping procss from th Cotton Cntr datacntr s databas srvrs lading to point-in-tim rcovry of th production databass. Th log shipping procss is only turnd inactiv during Disastr Rcovry xrciss. As an activ DRP Hot Sit, ths WCC systms ar monitord by IT using Argnt and SQL monitoring tools. Atna s WCC configuration includs trminal srvrs, SQL Srvr srvrs, and a FTP/DNS srvr for a Mdicaid Businss Unit rcovry. Th trminal srvr nvironmnt only supports QMACS, QNXT, and CasTrakkr applications. Th SQL Srvr nvironmnt supports th halth plan databass that th trminal srvrs utiliz as wll as tir two through 4 applications. AETNA MEDICAID BUSINESS UNIT applications that ar not Tir On will b rcovrd utilizing Atna s HP Quickship contract. Srvr Rstor Procdurs can b found in Atna s MCC & WCC DBAR Plans. AETNA CONFIDENTIAL 11 Do not dissminat outsid of Atna, Inc. 31

Disastr Rcovry Procdurs for Ntwork Enginring Prson Rsponsibl Task IT Tam Lad IT Tam Lad notifis Ntwork Enginring Lad that disruption has occurrd and to initiat IT Tam Lad vrification procdurs Dtrmin xtnt of damag and rason for outag. IT Tam Lad IT Tam Lad IT Tam Lad Ntwork Managr Ntwork Managr Coordinat any rcovry fforts at th altrnat DRP Hot Sit. St Up/ shifts / mploys availabl and ncssary Vrify DRP Hot Sit infrastructur is rady for othr IT tams to bgin rstoring Considr any quipmnt rplacmnt and coordinat purchas rqusts all rquisitions for quipmnt nd to b approvd through th IT Tam Lad Ensur ordrs ar placd as soon as practical to minimiz lad tims Install oprating systm softwar and utilitis on nw srvrs Install and configur databas srvr softwar on nw databas srvrs Disastr Rcovry Procdurs for Tir 1 & 2 Applications Prson Rsponsibl Task IT Tam Lad IT Tam Lad (Trry Nwman, Hathr LaPolt or Kurt Bahrs) IT Tam Lad IT Tam Lad Ntwork Tam DBA Tam DBA Tam DBA Tam DBA Tam/Ntwork Tam Businss Usr Dpartmnts Businss Usr Dpartmnts IT Tam Lad notifis Databas Managmnt Lad that disruption has occurrd and to initiat rcovry procdurs Dtrmin xtnt of damag and rason for outag. Invok HP Contract for Tir 2 application rcovry Coordinat any rcovry fforts at th altrnat DRP Hot Sit. St Up/ shifts / mploys availabl and ncssary Considr any quipmnt rplacmnt and coordinat purchas rqusts all rquisitions for quipmnt nd to b approvd through th IT Tam Lad nsur ordrs ar placd as soon as practical to minimiz lad tims Rfrnc Sction I for ABH srvr invntory Install oprating systm softwar and utilitis on nw databas srvrs Install and configur databas srvr softwar on nw databas srvrs QMACS\QNXT databass: Rstor plan data and qcsidb databass from full databas backups and transaction log backups on tap. Chang srvr nams in tabl qcsidb.dbalias Rmap databas usrs CasTrakkr, ihalth, EMS, Pharmacy PA, Grivanc and Appals, ASDB/Prdictiv Pathways, VisionPro databass: Rstor databass from full databas backups and transaction log backups on tap. Rmap databas usrs Rmaining AETNA MEDICAID BUSINESS UNIT databass tir 2 applications and associatd databass (s attachd application list): Rstor databass from full databas backups and transaction log backups on tap. Rmap databas usrs Rstor QMACS/QNXT manual transactions from businss aras (Claims, Prior Authorization, and Mmbr Solutions) as rquird to mak databas currnt. Rstor th oprations in th businss aras. Ensur data is currnt, or that contingncy plan for data ntry is xcutd. AETNA CONFIDENTIAL 12 Do not dissminat outsid of Atna, Inc. 32

Spcific application rstor instructions ar not rquird bcaus rstors will occur on both th application and databas srvr lvls. Spcific applications will b rcovrd and availabl as th srvr basd rstors ar compltd. To s a complt list of AETNA MEDICAID BUSINESS UNIT applications and thir currnt DBAR postur, click blow. Th Rcovry Tim Objctiv for Tir-on applications is 0-12 hrs; RTO for rmaining Tir -two applications is 1-4 wks. ABH Application List AETNA CONFIDENTIAL 13 Do not dissminat outsid of Atna, Inc. 33

AETNA MEDICAID BUSINESS UNIT F. VENDOR CONTACT LIST AETNA MEDICAID BUSINESS UNIT has numrous xtrnal partnr rlationships that provid ssntial srvics and applications. As part of th AETNA MEDICAID BUSINESS UNIT contracts with ths vndors, ach vndor is rsponsibl for having thir own Disastr Rcovry Plans to nsur rstoration of th critical application srvic. Application Vndors - Rfr to complt AETNA MEDICAID BUSINESS UNIT application invntory. Typ of Vndor Vndor Contact Nam Contact # Offsit Mdia DataPro Inc. Storag Th TriZtto Group, Inc. (QNXT) Futur Vision / Alchmy DRPS prsonnl (Kurt Bahrs) is authorizd to invok contract Kn Hays National Account Excutiv Jrmy Grgrsn Account Managr (623) 434-0748 Password#B@ckUpm3? O 480.735.7144 M 480.383.3974 801.747.5815 Avaya Atna NOC (800) 900-0241 MCI / Vrizon / Atna NOC (800) 900-0241 Qwst IMA (Cas Trakkr) Lisa Schwnk Account/Sals Managr 916-446-1114 Dll Jff Ebrts Global Account Managr 203-426-2518 Ingnix Chris Robinson Account Managr 1.800.678.8398 opt.4 x 23645 *Dirct 1.801.982.3645 ihalth Valri Pandak 804-360-5054 offic 804-814-7751 cll Fir Supprssion FIKE (Amrican Jimmy Johnson (602) 433-2484 Systm Fir Equip) Account Managr UPS/Gnrator Librt 24/7 Call Cntr 800-543-2378 DataCntr AC Artic Air IMCOR Roth Bros. 1-800-USA-ROTH Offic 1-330-793-4155 Fax Nsa - Rprsntativ AETNA CONFIDENTIAL 14 Do not dissminat outsid of Atna, Inc. 34

IMCOR Intrstat Mchanical Corp. Michll Mahl - Srvic Dispatchr michll.mahl@imcoraz.com 602-253-04300 offic 602-256-5915 fax Ntwork Cabling (Magnum) (602) 438-2260 Infrastructur Disk Storag EMC2 Jim Corrigan Jack Nolan Nathan Oulltt 860-982-8770 860-874-7417 860-550-3596 Extrnal Vndors ihalth Nikki Rupp (305) 275-6706 ABF Lynn McKon (Dir., Account (314) 785-4301 or (800) 804-7430 Mgmt) Patrick Coughlin (VP, Oprations) (314) 785-4300 or (800) 804-7430 EDI Claringhouss Emdon Linda Story (615) 231-4995 Offic Ally Brian O Nill (949) 290-6866 SPSI Richard Coopr 817-788-5595 SSI Joan Kossow 800-889-3032 x1218 Gatway Linda Shr 314-961-2720 x1219 AETNA CONFIDENTIAL 15 Do not dissminat outsid of Atna, Inc. 35

AETNA MEDICAID BUSINESS UNIT G. RESTORATION (GO BACK) PROCEDURES Ky AETNA MEDICAID BUSINESS UNIT prsonnl will conduct planning sssions to addrss sit rstoration. Thr ar thr options for sit rstoration Rmain at th currnt sit Mov to an ntirly diffrnt sit Rpair old sit and vntually mov back. Onc th rstoration dcision is mad, th individual aras within IT will act accordingly. AETNA CONFIDENTIAL 16 Do not dissminat outsid of Atna, Inc. 36

AETNA MEDICAID BUSINESS UNIT H. PLAN MAINTENANCE This rcovry plan for AETNA MEDICAID BUSINESS UNIT is writtn at a skill st lvl that anyon within our dpartmnt would b abl to follow and xcut in a disastr scnario. All Affiliat Disastr Rcovry Plans ar rquird to b updatd smi-annually. Ths updats nd to b submittd to DRPS by th last Friday of Jun & Dcmbr. As part of this rviw procss, any changs that ar mad to th plan should b rcordd on th Chang Rcord documnt. Affiliat DBAR plans can b accssd via th Disastr Rcovry Planning Srvics wbsit in an unscurd vrsion without phon numbrs. A scurd vrsion can b found on our mirrord srvr, \\Midp-oa-005\midopssvcs. AETNA CONFIDENTIAL 17 Do not dissminat outsid of Atna, Inc. 37

AETNA MEDICAID BUSINESS UNIT I. SUPPORTING INFORMATION Th Supporting Information part of th plan should provid ssntial background or information that maks th plan asir to undrstand, implmnt, and maintain outsid. Common supporting documntation or appndics includ th following: Vndor SLA, rciprocal agrmnts with othr organizations, and othr vital rcords Organizational Charts Any links to othr rsourcs that ar containd in anothr rcovry plan. List of Tir 2 Application Srvrs to b rcovrd: C:\Data\ C:\Data\MBU Apps MBU_Srvr_Invntoupdatd 09232010.xl Managing ArcSrv Backups.doc AETNA CONFIDENTIAL 18 Do not dissminat outsid of Atna, Inc. 38

Ntwork Diagram for AETNA MEDICAID BUSINESS UNIT s Critical Tir On Applications: All Plans Windsor Ct. Atna Hotsit Vrizon Rivrbd PhxDrpCs01 PhxDrpQxt01 PhxQxtDrpWww01 PhxQxtDripWww02 PhxDrpSql03 DrpDns01 PhxDrpTrm1 PhxDrpTrm2 PhxDrpTrm3 MSL6000 Vrizon Intrnt Vrizon Cotton Cntr Blvd Data Cntr PRODUCTION PhxDrpDc01 PhxDrpCsSql01 PhxDrpExc01 PhxDrpSql01 PhxDrpSan01 Vrizon Extrnal Usr AETNA CONFIDENTIAL 19 Do not dissminat outsid of Atna, Inc. 39

APPENDIX A: RECORD OF CHANGES Dpartmnt: AETNA MEDICAID BUSINESS UNIT Quartr:_04Q2010_ Pag Chang or Commnt Chang Mad By No. 6 Updatd Prsonal Titls Michal Fltchr 14 Updatd Vndor Contact Info Michal Fltchr 7 Rplac Rports Contact Michal Fltchr 14,15 Updat Vndor Contacts Michal Fltchr Rviwd by Plan Ownr: _Michal Fltchr Jun, 22nd, 2010 Michal Fltchr Dcmbr 13 th 2010 Rviwd by DRPS:_Maghan Goldnr Dat_11/11/10_ AETNA CONFIDENTIAL 20 Do not dissminat outsid of Atna, Inc. 40

APPENDIX B: DRIVING DIRECTIONS Bradly Airport to Windsor Data Cntr: Start out going East on SCHOEPHOESTER RD toward POSTAL RD. Turn RIGHT onto CT-75/TURNPIKE RD. Continu to follow CT-75 S. Mrg onto CT-20 E toward I-91/HARTFORD/SPRINGFIELD. Mrg onto I-91 S toward HARTFORD. Tak th CT-75 xit- xit numbr 38A-38B- toward POQUONOCK/WINDSOR. Tak th DAY HILL ROAD ramp. Stay straight to go onto DAY HILL RD. Turn LEFT onto ADDISON RD. Turn RIGHT onto PIGEON HILL RD. AETNA CONFIDENTIAL 21 Do not dissminat outsid of Atna, Inc. 41