应对数字瘫痪:国家癌症中心在网络攻击中幸存。

IF 2 Q3 HEALTH POLICY & SERVICES
Rachel J. Keogh , Harry Harvey , Claire Brady , Edel Hassett , Seán J. Costelloe , Martin J. O’Sullivan , Maria Twomey , Mary Jane O’Leary , Mary R. Cahill , Aideen O’Riordan , Caroline M. Joyce , Ger Moloney , Aileen Flavin , Richard M Bambury , Deirdre Murray , Kathleen Bennett , Maeve Mullooly , Seamus O’Reilly
{"title":"应对数字瘫痪:国家癌症中心在网络攻击中幸存。","authors":"Rachel J. Keogh ,&nbsp;Harry Harvey ,&nbsp;Claire Brady ,&nbsp;Edel Hassett ,&nbsp;Seán J. Costelloe ,&nbsp;Martin J. O’Sullivan ,&nbsp;Maria Twomey ,&nbsp;Mary Jane O’Leary ,&nbsp;Mary R. Cahill ,&nbsp;Aideen O’Riordan ,&nbsp;Caroline M. Joyce ,&nbsp;Ger Moloney ,&nbsp;Aileen Flavin ,&nbsp;Richard M Bambury ,&nbsp;Deirdre Murray ,&nbsp;Kathleen Bennett ,&nbsp;Maeve Mullooly ,&nbsp;Seamus O’Reilly","doi":"10.1016/j.jcpo.2023.100466","DOIUrl":null,"url":null,"abstract":"<div><h3>Introduction</h3><p>Cyberattacks represent a growing threat for healthcare delivery globally. We assess the impact and implications of a cyberattack on a cancer center in Ireland.</p></div><div><h3>Methods</h3><p>On May 14th 2021 (day 0) Cork University Hospital (CUH) Cancer Center was involved in the first national healthcare ransomware attack in Ireland. Contingency plans were only present in laboratory services who had previously experienced information technology (IT) failures. No hospital cyberattack emergency plan was in place. Departmental logs of activity for 120 days after the attack were reviewed and compared with historical activity records. Daily sample deficits (routine daily number of samples analyzed – number of samples analyzed during cyberattack) were calculated. Categorical variables are reported as median and range. Qualitative data were collected via reflective essays and interviews with key stakeholders from affected departments in CUH.</p></div><div><h3>Results</h3><p><span><span>On day 0, all IT systems were shut down. Radiotherapy (RT) treatment and cancer surgeries stopped, outpatient activity fell by 50%. </span>hematology<span>, biochemistry and radiology<span> capacity fell by 90% (daily sample deficit (DSD) 2700 samples), 75% (DSD 2250 samples), and 90% (100% mammography/PET scan) respectively. Histopathology reporting times doubled (7 to 15 days). Radiotherapy (RT) was interrupted for 113 patients in CUH. The median treatment gap duration was six days for category 1 patients and 10 for the remaining patients. Partner organizations paused all IT links with CUH. Outsourcing of radiology and radiotherapy commenced, alternative communication networks and national conference calls in RT and </span></span></span>Clinical Trials were established. By day 28 Email communication was restored. By day 210 reporting and data storage backlogs were cleared and over 2000 computers were checked/replaced.</p></div><div><h3>Conclusion</h3><p>Cyberattacks have rapid, profound and protracted impacts. While laboratory and diagnostic deficits were readily quantified, the impact of disrupted/delayed care on patient outcomes is less readily quantifiable. Cyberawareness and cyberattack plans need to be embedded in healthcare.</p></div><div><h3>Policy Summary</h3><p>Cyberattacks pose significant challenges for healthcare systems, impacting patient care, clinical outcomes, and staff wellbeing. This study provides a comprehensive review of the impact of the Conti ransomware attack on cancer services in Cork University Hospital (CUH), the first cyberattack on a national health service. Our study highlights the widespread disruption caused by a cyberattack including shutdown of information technology (IT) services, marked reduction in outpatient activity, temporary cessation of essential services such as radiation therapy. We provide a framework for other institutions for mitigating the impact of a cyberattack, underscoring the need for a cyberpreparedness plan similar to those made for natural disasters and the profound legacy of a cyberattack on patient care.</p></div>","PeriodicalId":38212,"journal":{"name":"Journal of Cancer Policy","volume":null,"pages":null},"PeriodicalIF":2.0000,"publicationDate":"2024-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Dealing with digital paralysis: Surviving a cyberattack in a National Cancer center\",\"authors\":\"Rachel J. Keogh ,&nbsp;Harry Harvey ,&nbsp;Claire Brady ,&nbsp;Edel Hassett ,&nbsp;Seán J. Costelloe ,&nbsp;Martin J. O’Sullivan ,&nbsp;Maria Twomey ,&nbsp;Mary Jane O’Leary ,&nbsp;Mary R. Cahill ,&nbsp;Aideen O’Riordan ,&nbsp;Caroline M. Joyce ,&nbsp;Ger Moloney ,&nbsp;Aileen Flavin ,&nbsp;Richard M Bambury ,&nbsp;Deirdre Murray ,&nbsp;Kathleen Bennett ,&nbsp;Maeve Mullooly ,&nbsp;Seamus O’Reilly\",\"doi\":\"10.1016/j.jcpo.2023.100466\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><h3>Introduction</h3><p>Cyberattacks represent a growing threat for healthcare delivery globally. We assess the impact and implications of a cyberattack on a cancer center in Ireland.</p></div><div><h3>Methods</h3><p>On May 14th 2021 (day 0) Cork University Hospital (CUH) Cancer Center was involved in the first national healthcare ransomware attack in Ireland. Contingency plans were only present in laboratory services who had previously experienced information technology (IT) failures. No hospital cyberattack emergency plan was in place. Departmental logs of activity for 120 days after the attack were reviewed and compared with historical activity records. Daily sample deficits (routine daily number of samples analyzed – number of samples analyzed during cyberattack) were calculated. Categorical variables are reported as median and range. Qualitative data were collected via reflective essays and interviews with key stakeholders from affected departments in CUH.</p></div><div><h3>Results</h3><p><span><span>On day 0, all IT systems were shut down. Radiotherapy (RT) treatment and cancer surgeries stopped, outpatient activity fell by 50%. </span>hematology<span>, biochemistry and radiology<span> capacity fell by 90% (daily sample deficit (DSD) 2700 samples), 75% (DSD 2250 samples), and 90% (100% mammography/PET scan) respectively. Histopathology reporting times doubled (7 to 15 days). Radiotherapy (RT) was interrupted for 113 patients in CUH. The median treatment gap duration was six days for category 1 patients and 10 for the remaining patients. Partner organizations paused all IT links with CUH. Outsourcing of radiology and radiotherapy commenced, alternative communication networks and national conference calls in RT and </span></span></span>Clinical Trials were established. By day 28 Email communication was restored. By day 210 reporting and data storage backlogs were cleared and over 2000 computers were checked/replaced.</p></div><div><h3>Conclusion</h3><p>Cyberattacks have rapid, profound and protracted impacts. While laboratory and diagnostic deficits were readily quantified, the impact of disrupted/delayed care on patient outcomes is less readily quantifiable. Cyberawareness and cyberattack plans need to be embedded in healthcare.</p></div><div><h3>Policy Summary</h3><p>Cyberattacks pose significant challenges for healthcare systems, impacting patient care, clinical outcomes, and staff wellbeing. This study provides a comprehensive review of the impact of the Conti ransomware attack on cancer services in Cork University Hospital (CUH), the first cyberattack on a national health service. Our study highlights the widespread disruption caused by a cyberattack including shutdown of information technology (IT) services, marked reduction in outpatient activity, temporary cessation of essential services such as radiation therapy. We provide a framework for other institutions for mitigating the impact of a cyberattack, underscoring the need for a cyberpreparedness plan similar to those made for natural disasters and the profound legacy of a cyberattack on patient care.</p></div>\",\"PeriodicalId\":38212,\"journal\":{\"name\":\"Journal of Cancer Policy\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2024-01-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Cancer Policy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2213538323000838\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"HEALTH POLICY & SERVICES\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cancer Policy","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2213538323000838","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"HEALTH POLICY & SERVICES","Score":null,"Total":0}
引用次数: 0

摘要

导言:网络攻击对全球医疗服务的威胁与日俱增。我们评估了网络攻击对爱尔兰一家癌症中心的影响:2021 年 5 月 14 日(第 0 天),科克大学医院(CUH)癌症中心遭遇爱尔兰首次全国性医疗勒索软件攻击。只有曾经历过信息技术(IT)故障的实验室服务部门制定了应急计划。医院没有制定网络攻击应急计划。对攻击发生后 120 天内的部门活动日志进行了审查,并与历史活动记录进行了比较。计算了每日样本赤字(每日常规分析样本数-网络攻击期间分析样本数)。分类变量以中位数和范围进行报告。定性数据通过反思论文和与中大医院受影响部门的主要利益相关者的访谈收集:第 0 天,所有 IT 系统关闭。放疗(RT)治疗和癌症手术停止,门诊活动减少了 50%。血液学、生物化学和放射学的处理能力分别下降了 90%(日样本赤字 (DSD) 为 2700 个样本)、75%(DSD 为 2250 个样本)和 90%(100% 乳房 X 线照相术/PET 扫描)。组织病理学报告时间增加了一倍(从 7 天增加到 15 天)。中大医院有 113 名患者中断了放疗(RT)。1 类患者的治疗间隙时间中位数为 6 天,其余患者为 10 天。合作机构暂停了与中大医院的所有信息技术连接。开始外包放射科和放射治疗,建立了替代通信网络以及 RT 和临床试验方面的全国电话会议。第 28 天,恢复了电子邮件通信。第 210 天,报告和数据存储积压得到清理,2000 多台计算机得到检查/更换:网络攻击的影响迅速、深远而持久。虽然实验室和诊断方面的缺陷很容易量化,但中断/延迟护理对患者预后的影响却不那么容易量化。政策摘要:网络攻击给医疗保健系统带来了重大挑战,影响了患者护理、临床结果和员工福利。本研究全面回顾了 Conti 勒索软件攻击对科克大学医院(CUH)癌症服务的影响,这是对国家医疗服务的首次网络攻击。我们的研究强调了网络攻击造成的广泛破坏,包括信息技术 (IT) 服务的关闭、门诊活动的显著减少、放射治疗等基本服务的暂时停止。我们为其他机构提供了一个减轻网络攻击影响的框架,强调了制定类似于自然灾害网络准备计划的必要性,以及网络攻击对患者护理的深远影响。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Dealing with digital paralysis: Surviving a cyberattack in a National Cancer center

Introduction

Cyberattacks represent a growing threat for healthcare delivery globally. We assess the impact and implications of a cyberattack on a cancer center in Ireland.

Methods

On May 14th 2021 (day 0) Cork University Hospital (CUH) Cancer Center was involved in the first national healthcare ransomware attack in Ireland. Contingency plans were only present in laboratory services who had previously experienced information technology (IT) failures. No hospital cyberattack emergency plan was in place. Departmental logs of activity for 120 days after the attack were reviewed and compared with historical activity records. Daily sample deficits (routine daily number of samples analyzed – number of samples analyzed during cyberattack) were calculated. Categorical variables are reported as median and range. Qualitative data were collected via reflective essays and interviews with key stakeholders from affected departments in CUH.

Results

On day 0, all IT systems were shut down. Radiotherapy (RT) treatment and cancer surgeries stopped, outpatient activity fell by 50%. hematology, biochemistry and radiology capacity fell by 90% (daily sample deficit (DSD) 2700 samples), 75% (DSD 2250 samples), and 90% (100% mammography/PET scan) respectively. Histopathology reporting times doubled (7 to 15 days). Radiotherapy (RT) was interrupted for 113 patients in CUH. The median treatment gap duration was six days for category 1 patients and 10 for the remaining patients. Partner organizations paused all IT links with CUH. Outsourcing of radiology and radiotherapy commenced, alternative communication networks and national conference calls in RT and Clinical Trials were established. By day 28 Email communication was restored. By day 210 reporting and data storage backlogs were cleared and over 2000 computers were checked/replaced.

Conclusion

Cyberattacks have rapid, profound and protracted impacts. While laboratory and diagnostic deficits were readily quantified, the impact of disrupted/delayed care on patient outcomes is less readily quantifiable. Cyberawareness and cyberattack plans need to be embedded in healthcare.

Policy Summary

Cyberattacks pose significant challenges for healthcare systems, impacting patient care, clinical outcomes, and staff wellbeing. This study provides a comprehensive review of the impact of the Conti ransomware attack on cancer services in Cork University Hospital (CUH), the first cyberattack on a national health service. Our study highlights the widespread disruption caused by a cyberattack including shutdown of information technology (IT) services, marked reduction in outpatient activity, temporary cessation of essential services such as radiation therapy. We provide a framework for other institutions for mitigating the impact of a cyberattack, underscoring the need for a cyberpreparedness plan similar to those made for natural disasters and the profound legacy of a cyberattack on patient care.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Cancer Policy
Journal of Cancer Policy Medicine-Health Policy
CiteScore
2.40
自引率
7.70%
发文量
47
审稿时长
65 days
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信