When code crashes the lab: Operational resilience in clinical laboratories amid a cyberattack - A case study from a university hospital.

Cyberattacks on healthcare organizations have escalated globally, resulting in serious risks to patient care and safety. Clinical laboratories, relying heavily on data-intensive systems, are particularly vulnerable to disruptions when hospital information systems are compromised. We conducted a single-center retrospective case study of a major cyberattack affecting the laboratory services at Notre Dame des Secours-UH in Lebanon. Operational data, incident reports, and recovery timelines were reviewed to characterize the attack's impact on laboratory operations and the resilience measures implemented. The cyberattack led to an immediate shutdown of laboratory information systems and automation, necessitating a shift to paper-based and manual processes. Key emergency protocols were activated within hours, including manual test ordering, handwritten result transcription with double verification, and specialized staff-controlled release of blood products. Critical services were maintained, but routine testing and volumes dropped sharply in the first week. A stepwise recovery ensued: by day 3 a limited laboratory information systems functionality was restored on a local network, by day 10 most laboratory services resumed albeit with workflow adjustments, and normal operations were largely re-established within two months. Our case points out to the operational resilience of a clinical laboratory during a prolonged cyber crisis. Effective crisis management, including timely incident response planning, staff adaptability, and emergency procedures, improved patient care in such a dreaded organizational situation and allowed for the return to normal workflow of the clinical laboratory.