Simulating the overload of medical processes due to system failures during a cyberattack.

Today's medical IT is more and more connected and network or IT system outages may impact the quality of patient treatment. IT outages from cyberattacks are particularly worrisome if attackers focus on those medical IT devices that are critical for medical processes. However, medical processes are primarily documented for the hospital employees and not for analyzing the criticality of any given human or medical IT resource. This paper presents a generic model for realistic, patient-focused simulation of medical processes. The model allows the simulation of cyber incidents, focusing on device outages or overload situations like mass casualty incidents. Furthermore, we present a proof-of-concept tool that implements the described model, enabling end-users to simulate their processes. The tool offers the ability to run with low detailed data for overview purposes and highly detailed data for fine-grained simulation results. We perform different scenario simulations for a sample hospital, including the acute phase of a ransomware attack, negative performance impacts due to the implementation of cybersecurity measures, and emergency plans for mass casualty incidents. In each scenario, the respective simulation resulted in a quantitative statement of how these scenarios affect overall process performance and show possible key factors supporting decision-making. We use real-world data from a German trauma room to optimize and evaluate the process simulation.