|
1
|
Vinogradskiy Y, Schubert L, Taylor A, Rudoler S, Lamb J. Radiation Oncology Ransomware Attack Response Risk Analysis Using Failure Modes and Effects Analysis. Pract Radiat Oncol 2024; 14:e407-e415. [PMID: 38508451 PMCID: PMC12063670 DOI: 10.1016/j.prro.2024.03.001] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [MESH Headings] [Grants] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 01/29/2024] [Revised: 03/04/2024] [Accepted: 03/06/2024] [Indexed: 03/22/2024]
Abstract
PURPOSE There have been numerous significant ransomware attacks impacting Radiation Oncology in the past 5 years. Research into ransomware attack response in Radiation Oncology has consisted of case reports and descriptive articles and has lacked quantitative studies. The purpose of this work was to identify the significant safety risks to patients being treated with radiation therapy during a ransomware attack scenario, using Failure Modes and Effects Analysis. METHODS AND MATERIALS A multi-institutional and multidisciplinary team conducted a Failure Modes and Effects Analysis by developing process maps and using Risk Priority Number (RPN) scores to quantify the increased likelihood of incidents in a ransomware attack scenario. The situation that was simulated was a ransomware attack that had removed the capability to access the Record and Verify (R&V) system. Five situations were considered: 1) a standard treatment of a patient with and without an R&V, 2) a standard treatment of a patient for the first fraction right after the R&V capabilities are disabled, and 3) 3 situations in which a plan modification was required. RPN scores were compared with and without R&V functionality. RESULTS The data indicate that RPN scores increased by 71% (range, 38%-96%) when R&V functionality is disabled compared with a nonransomware attack state where R&V functionality is available. The failure modes with the highest RPN in the simulated ransomware attack state included incorrectly identifying patients on treatment, incorrectly identifying where a patient is in their course of treatment, treating the incorrect patient, and incorrectly tracking delivered fractions. CONCLUSIONS The presented study quantifies the increased risk of incidents when treating in a ransomware attack state, identifies key failure modes that should be prioritized when preparing for a ransomware attack, and provides data that can be used to guide future ransomware resiliency research.
Collapse
Affiliation(s)
- Yevgeniy Vinogradskiy
- Department of Radiation Oncology, Thomas Jefferson University, Philadelphia Pennsylvania.
| | - Leah Schubert
- Department of Radiation Oncology, University of Colorado School of Medicine, Aurora, Colorado
| | - Amy Taylor
- Department of Radiation Oncology, Thomas Jefferson University, Philadelphia Pennsylvania
| | - Shari Rudoler
- Department of Radiation Oncology, Thomas Jefferson University, Philadelphia Pennsylvania
| | - James Lamb
- Department of Radiation Oncology, University of California Los Angeles, Los Angeles California
| |
Collapse
|
|
2
|
Shen J, Chen M, Qiu H, Yang C, Liu H, Chen J, Wang D, Zhao H, Sun S, Mei Z, Xie C, Wang X. Evaluation and improvement of the safety of 3D-printed template assisted intracavitary/interstitial brachytherapy for cervical cancer using repeat FMEA. Brachytherapy 2024; 23:580-589. [PMID: 38960768 DOI: 10.1016/j.brachy.2024.05.003] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 08/21/2023] [Revised: 02/07/2024] [Accepted: 05/09/2024] [Indexed: 07/05/2024]
Abstract
BACKGROUND AND PURPOSE 3D-printed templates are used in intracavitary/interstitial brachytherapy (3DP-IC/IS) for locally advanced cervical cancer (LACC). We applied failure mode and effects analysis (FMEA) twice in one year to improve 3DP-IC/IS safety. MATERIALS AND METHODS A risk assessment group was established. We created a process map for 3DP-IC/IS procedures, identifying potential failure modes (FMs) and evaluating occurrence (O), detectability (D), severity (S), and risk priority number (RPN = O*D*S). High RPN values identified high-risk FMs, and quality control (QC) methods were determined by root cause analysis. A second FMEA was performed a year later. RESULTS The 3DP-IC/IS process included 10 main steps, 48 subprocesses, and 54 FMs. Initial RPN values ranged from 4.50 to 171.00 (median 50.50; average 52.18). Ten high-risk FMs were identified: (1) unreasonable needle track design (171.00/85.50), (2) noncoplanar needle label identification failure (126.00/64.00), (3) template model reconstruction failure (121.50/62.50), (4) improper gauze filling (112.00/60.25), (5) poor needle position (112.00/52.50). QC interventions lowered all high-risk RPN values during the second assessment. CONCLUSIONS A feasible 3DP-IC/IS process was proposed. Staff training, automatic needle path planning, insertion guidance diagrams, template checking, system commissioning, and template design improvements effectively enhanced process safety.
Collapse
Affiliation(s)
- Jiuling Shen
- Department of Radiation and Medical Oncology, Hubei Key Laboratory of Tumor Biological Behaviors, Hubei Cancer Clinical Study Center, Zhongnan Hospital of Wuhan University, Wuhan, China
| | - Min Chen
- Department of Radiation and Medical Oncology, Hubei Key Laboratory of Tumor Biological Behaviors, Hubei Cancer Clinical Study Center, Zhongnan Hospital of Wuhan University, Wuhan, China
| | - Hui Qiu
- Department of Radiation and Medical Oncology, Hubei Key Laboratory of Tumor Biological Behaviors, Hubei Cancer Clinical Study Center, Zhongnan Hospital of Wuhan University, Wuhan, China
| | - Chunxu Yang
- Department of Radiation and Medical Oncology, Hubei Key Laboratory of Tumor Biological Behaviors, Hubei Cancer Clinical Study Center, Zhongnan Hospital of Wuhan University, Wuhan, China
| | - Hui Liu
- Department of Radiation and Medical Oncology, Hubei Key Laboratory of Tumor Biological Behaviors, Hubei Cancer Clinical Study Center, Zhongnan Hospital of Wuhan University, Wuhan, China
| | - Ji Chen
- Department of Radiation and Medical Oncology, Hubei Key Laboratory of Tumor Biological Behaviors, Hubei Cancer Clinical Study Center, Zhongnan Hospital of Wuhan University, Wuhan, China
| | - Dajiang Wang
- Department of Radiation and Medical Oncology, Hubei Key Laboratory of Tumor Biological Behaviors, Hubei Cancer Clinical Study Center, Zhongnan Hospital of Wuhan University, Wuhan, China
| | - Hongli Zhao
- Department of Radiation and Medical Oncology, Hubei Key Laboratory of Tumor Biological Behaviors, Hubei Cancer Clinical Study Center, Zhongnan Hospital of Wuhan University, Wuhan, China
| | - Shaoxing Sun
- Department of Radiation and Medical Oncology, Hubei Key Laboratory of Tumor Biological Behaviors, Hubei Cancer Clinical Study Center, Zhongnan Hospital of Wuhan University, Wuhan, China
| | - Zijie Mei
- Department of Radiation and Medical Oncology, Hubei Key Laboratory of Tumor Biological Behaviors, Hubei Cancer Clinical Study Center, Zhongnan Hospital of Wuhan University, Wuhan, China
| | - Conghua Xie
- Department of Radiation and Medical Oncology, Hubei Key Laboratory of Tumor Biological Behaviors, Hubei Cancer Clinical Study Center, Zhongnan Hospital of Wuhan University, Wuhan, China
| | - Xiaoyong Wang
- Department of Radiation and Medical Oncology, Hubei Key Laboratory of Tumor Biological Behaviors, Hubei Cancer Clinical Study Center, Zhongnan Hospital of Wuhan University, Wuhan, China..
| |
Collapse
|
|
3
|
Lohmann D, Shariff M, Schubert P, Sauer TO, Fietkau R, Bert C. Unified risk analysis in radiation therapy. Z Med Phys 2023; 33:479-488. [PMID: 36210227 PMCID: PMC10751707 DOI: 10.1016/j.zemedi.2022.08.006] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 02/14/2022] [Revised: 08/29/2022] [Accepted: 08/31/2022] [Indexed: 11/06/2022]
Abstract
PURPOSE The increasing complexity of new treatment methods as well as the Information Technology (IT) infrastructure within radiotherapy require new methods for risk analysis. This work presents a methodology on how to model the treatment process of radiotherapy in different levels. This subdivision makes it possible to perform workflow-specific risk analysis and to assess the impact of IT risks on the overall treatment workflow. METHODS A Unified Modeling Language (UML) activity diagram is used to model the workflows. The subdivision of the workflows into different levels is done with the help of swim lanes. The model created in this way is exported in an xml-compatible format and stored in a database with the help of a Python program. RESULTS Based on an existing risk analysis, the workflows CT Appointment, Glioblastoma Multiforme, and Deep Inspiration Breath Hold (DIBH) were modeled in detail. Part of the analysis are automatically generated workflow-specific risk matrices including risks of medical devices incorporated into a specific workflow. In addition, SQL queries allow to quickly retrieve e.g., the details of the medical device network installed in a department. CONCLUSION Activity diagrams of UML can be used to model workflows in radiotherapy. Through this, a connection between the different levels of the entire workflow can be established and workflow-specific risk analysis is possible.
Collapse
Affiliation(s)
- Daniel Lohmann
- Department of Radiation Oncology, Universitätsklinikum Erlangen, Friedrich-Alexander-Universität Erlangen-Nürnberg, Universitätsstraße 27, 91054 Erlangen, Germany; Comprehensive Cancer Center Erlangen-EMN (CCC ER-EMN), Erlangen, Germany.
| | - Maya Shariff
- Department of Radiation Oncology, Universitätsklinikum Erlangen, Friedrich-Alexander-Universität Erlangen-Nürnberg, Universitätsstraße 27, 91054 Erlangen, Germany; Comprehensive Cancer Center Erlangen-EMN (CCC ER-EMN), Erlangen, Germany
| | - Philipp Schubert
- Department of Radiation Oncology, Universitätsklinikum Erlangen, Friedrich-Alexander-Universität Erlangen-Nürnberg, Universitätsstraße 27, 91054 Erlangen, Germany; Comprehensive Cancer Center Erlangen-EMN (CCC ER-EMN), Erlangen, Germany
| | - Tim Oliver Sauer
- Department of Radiation Oncology, Universitätsklinikum Erlangen, Friedrich-Alexander-Universität Erlangen-Nürnberg, Universitätsstraße 27, 91054 Erlangen, Germany; Comprehensive Cancer Center Erlangen-EMN (CCC ER-EMN), Erlangen, Germany
| | - Rainer Fietkau
- Department of Radiation Oncology, Universitätsklinikum Erlangen, Friedrich-Alexander-Universität Erlangen-Nürnberg, Universitätsstraße 27, 91054 Erlangen, Germany; Comprehensive Cancer Center Erlangen-EMN (CCC ER-EMN), Erlangen, Germany
| | - Christoph Bert
- Department of Radiation Oncology, Universitätsklinikum Erlangen, Friedrich-Alexander-Universität Erlangen-Nürnberg, Universitätsstraße 27, 91054 Erlangen, Germany; Comprehensive Cancer Center Erlangen-EMN (CCC ER-EMN), Erlangen, Germany
| |
Collapse
|
|
4
|
Gates EDH, Wallner K, Tiwana J, Ford E, Phillips M, Lu L, Dumane V, Sheu RD, Kim M. Improved safety and quality in intravascular brachytherapy: A multi-institutional study using failure modes and effects analysis. Brachytherapy 2023; 22:779-789. [PMID: 37716819 DOI: 10.1016/j.brachy.2023.07.009] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 04/19/2023] [Revised: 06/20/2023] [Accepted: 07/27/2023] [Indexed: 09/18/2023]
Abstract
PURPOSE Highlight safety considerations in intravascular brachytherapy (IVBT) programs, provide relevant quality assurance (QA) and safety measures, and establish their effectiveness. METHODS AND MATERIALS Radiation oncologists, medical physicists, and cardiologists from three institutions performed a failure modes and effects analysis (FMEA) on the radiation delivery portion of IVBT. We identified 40 failure modes and rated the severity, occurrence, and detectability before and after consideration of safety practices. Risk priority numbers (RPN) and relative risk rankings were determined, and a sample QA safety checklist was developed. RESULTS We developed a process map based on multi-institutional consensus. Highest-RPN failure modes were due to incorrect source train length, incorrect vessel diameter, and missing prior radiation history. Based on these, we proposed QA and safety measures: ten of which were not previously recommended. These measures improved occurrence and detectability: reducing the average RPN from 116 to 58 and median from 84 to 40. Importantly, the average RPN of the top 10% of failure modes reduced from 311 to 172. With QA considered, the highest risk failure modes were from contamination and incorrect source train length. CONCLUSIONS We identified several high-risk failure modes in IVBT procedures and practical safety and QA measures to address them.
Collapse
Affiliation(s)
- Evan D H Gates
- Department of Radiation Oncology, University of Washington, Seattle, WA.
| | - Kent Wallner
- Department of Radiation Oncology, University of Washington, Seattle, WA
| | - Jasleen Tiwana
- Division of Cardiology, University of Washington, Seattle, WA
| | - Eric Ford
- Department of Radiation Oncology, University of Washington, Seattle, WA
| | - Mark Phillips
- Department of Radiation Oncology, University of Washington, Seattle, WA
| | - Lan Lu
- Department of Radiation Oncology, Cleveland Clinic, Cleveland, OH
| | - Vishruta Dumane
- Department of Radiation Oncology, Icahn School of Medicine at Mount Sinai, New York, NY
| | - Ren-Dih Sheu
- Department of Radiation Oncology, Icahn School of Medicine at Mount Sinai, New York, NY
| | - Minsun Kim
- Department of Radiation Oncology, University of Washington, Seattle, WA
| |
Collapse
|
|
5
|
Bright M, Foster RD, Hampton CJ, Ruiz J, Moeller B. Failure modes and effects analysis for surface-guided DIBH breast radiotherapy. J Appl Clin Med Phys 2022; 23:e13541. [PMID: 35112445 PMCID: PMC8992938 DOI: 10.1002/acm2.13541] [Citation(s) in RCA: 6] [Impact Index Per Article: 2.0] [Reference Citation Analysis] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 03/18/2021] [Revised: 11/19/2021] [Accepted: 01/03/2022] [Indexed: 12/04/2022] Open
Abstract
Despite breast cancer prevalence and widespread adoption of deep inspiration breath‐hold (DIBH) radiation techniques, few data exist on the error risks related to using surface‐guided (SG) DIBH during breast radiation therapy (RT). Due to the increasingly technical nature of these methods and being a paradigm shift from traditional breast setups/treatments, the associated risk for error is high. Failure modes and effects analysis (FMEA) has been used in identifying risky RT processes yet is time‐consuming to perform. A subset of RT staff and a hospital patient‐safety representative performed FMEA to study SG‐DIBH RT processes. After this group (cohort 1) analyzed these processes, additional scoring data were acquired from RT staff uninvolved in the original FMEA (cohort 2). Cohort 2 received abbreviated FMEA training while using the same process maps that cohort 1 had created, which was done with the goal of validating our results and exploring the feasibility of expedited FMEA training and efficient implementation elsewhere. An extensive review of the SG‐DIBH RT process revealed 57 failure modes in 16 distinct steps. Risks deemed to have the highest priority, large risk priority number (RPN), and severity were addressed with policy changes, checklists, and standardization; of these, most were linked with operator error via manual inputs and verification. Reproducibility results showed that 5% of the average RPN between cohorts 1 and 2 was statistically different. Unexpected associations were noted between RPN and RT staff role; 12% of the physicist and therapist average scores were statistically different. Different levels of FMEA training yielded similar scoring within one RT department, suggesting a time‐savings can be achieved with abbreviated training. Scores between professions, however, yielded significant differences suggesting the importance of involving staff across disciplines.
Collapse
Affiliation(s)
- Megan Bright
- Levine Cancer Institute, Department of Radiation Oncology, Atrium Health Cabarrus, Concord, North Carolina, USA
| | - Ryan D Foster
- Levine Cancer Institute, Department of Radiation Oncology, Atrium Health Cabarrus, Concord, North Carolina, USA
| | - Carnell J Hampton
- Levine Cancer Institute, Atrium Health, Charlotte, North Carolina, USA
| | - Justin Ruiz
- Levine Cancer Institute, Department of Radiation Oncology, Atrium Health Cabarrus, Concord, North Carolina, USA
| | - Benjamin Moeller
- Levine Cancer Institute, Department of Radiation Oncology, Atrium Health Cabarrus, Concord, North Carolina, USA
| |
Collapse
|