|
1
|
Abbou B, Kessel B, Ben Natan M, Gabbay-Benziv R, Dahan Shriki D, Ophir A, Goldschmid N, Klein A, Roguin A, Dudkiewicz M. When all computers shut down: the clinical impact of a major cyber-attack on a general hospital. Front Digit Health 2024; 6:1321485. [PMID: 38433989 PMCID: PMC10904636 DOI: 10.3389/fdgth.2024.1321485] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 10/14/2023] [Accepted: 02/05/2024] [Indexed: 03/05/2024] Open
Abstract
Importance Healthcare organizations operate in a data-rich environment and depend on digital computerized systems; thus, they may be exposed to cyber threats. Indeed, one of the most vulnerable sectors to hacks and malware is healthcare. However, the impact of cyberattacks on healthcare organizations remains under-investigated. Objective This study aims to describe a major attack on an entire medical center that resulted in a complete shutdown of all computer systems and to identify the critical actions required to resume regular operations. Setting This study was conducted on a public, general, and acute care referral university teaching hospital. Methods We report the different recovery measures on various hospital clinical activities and their impact on clinical work. Results The system malfunction of hospital computers did not reduce the number of heart catheterizations, births, or outpatient clinic visits. However, a sharp drop in surgical activities, emergency room visits, and total hospital occupancy was observed immediately and during the first postattack week. A gradual increase in all clinical activities was detected starting in the second week after the attack, with a significant increase of 30% associated with the restoration of the electronic medical records (EMR) and laboratory module and a 50% increase associated with the return of the imaging module archiving. One limitation of the present study is that, due to its retrospective design, there were no data regarding the number of elective internal care hospitalizations that were considered crucial. Conclusions and relevance The risk of ransomware cyberattacks is growing. Healthcare systems at all levels of the hospital should be aware of this threat and implement protocols should this catastrophic event occur. Careful evaluation of steady computer system recovery weekly enables vital hospital function, even under a major cyberattack. The restoration of EMR, laboratory systems, and imaging archiving modules was found to be the most significant factor that allowed the return to normal clinical hospital work.
Collapse
Affiliation(s)
- Benyamine Abbou
- Hospital Administration, Hillel Yaffe Medical Center, Hadera, Israel
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
| | - Boris Kessel
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Surgical Division, Hillel Yaffe Medical Center, Hadera, Israel
| | - Merav Ben Natan
- Pat Matthews Academic School of Nursing, Hillel Yaffe Medical Center, Hadera, Israel
| | - Rinat Gabbay-Benziv
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Division of Obstetrics and Gynecology, Hillel Yaffe Medical Center, Hadera, Israel
| | | | - Anna Ophir
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Surgical Division, Hillel Yaffe Medical Center, Hadera, Israel
| | - Nimrod Goldschmid
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Risk Management Department, Hillel Yaffe Medical Center, Hadera, Israel
| | - Adi Klein
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Division of Pediatrics, Hillel Yaffe Medical Center, Hadera, Israel
| | - Ariel Roguin
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Division of Cardiology, Hillel Yaffe Medical Center, Hadera, Israel
| | - Mickey Dudkiewicz
- Hospital Administration, Hillel Yaffe Medical Center, Hadera, Israel
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
| |
Collapse
|
|
2
|
Ivanković D, Jansen T, Barbazza E, Fernandes ÓB, Klazinga N, Kringos D. Status of the health information system in Ireland and its fitness to support health system performance assessment: a multimethod assessment based on stakeholder involvement. Health Res Policy Syst 2022; 21:1. [DOI: 10.1186/s12961-022-00931-1] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 03/07/2022] [Accepted: 10/26/2022] [Indexed: 11/18/2022] Open
Abstract
Abstract
Background
Between 2019 and 2021, the first Irish health system performance assessment (HSPA) framework was developed. As routinely collected health data are necessary to continuously populate indicators of an HSPA framework, a purpose-driven assessment of the health information system (HIS) in Ireland and its fitness to support the implementation of an HSPA framework was conducted. This study reports on the status of the Irish HIS through a multimethod assessment based on continuous broad stakeholder involvement.
Methods
Between May and November 2020, over 50 informants were engaged in individual and group interviews and stakeholder consultation workshops as part of the HIS assessment process. Descriptive themes and high-level data availability heatmaps were derived from interview and workshop data using thematic analysis. Indicator “passports” for the HSPA framework were populated during stakeholder consultation workshops and analysed using univariate descriptive statistics.
Results
The HIS in Ireland was able to provide administrative, survey and registry-based data for public sector acute care services, focusing on structure, process and output metrics. Significant data availability gaps, most notably from primary care, private hospitals and community care, were reported, with little availability of electronic health record and people-reported data. Data on outcome metrics were mostly missing, as were linkage possibilities across datasets for care pathway monitoring. The COVID-19 pandemic highlighted the national HIS’s shortcomings but also the capacity for rapid development and improvement.
Conclusions
A tailor-made assessment of the HIS in Ireland, involving a broad set of relevant stakeholders, revealed strengths, weaknesses and areas for improvement in the Irish health data landscape. It also contributed to the development of a national HSPA framework and momentum to further strengthen data infrastructure and governance, while working towards a more data-driven and person-centred healthcare system. This work demonstrates the utility of an inclusive HIS assessment process and is applicable beyond Ireland, where this case study was conducted.
Collapse
|