1
|
Pham TT, Loo TM, Malhotra A, Longhurst CA, Hylton D, Dameff C, Tully J, Wardi G, Sell RE, Pearce AK. Ransomware Cyberattack Associated With Cardiac Arrest Incidence and Outcomes at Untargeted, Adjacent Hospitals. Crit Care Explor 2024; 6:e1079. [PMID: 38605720 PMCID: PMC11008621 DOI: 10.1097/cce.0000000000001079] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Grants] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 04/13/2024] Open
Abstract
OBJECTIVES Healthcare ransomware cyberattacks have been associated with major regional hospital disruptions, but data reporting patient-oriented outcomes in critical conditions such as cardiac arrest (CA) are limited. This study examined the CA incidence and outcomes of untargeted hospitals adjacent to a ransomware-infected healthcare delivery organization (HDO). DESIGN SETTING AND PATIENTS This cohort study compared the CA incidence and outcomes of two untargeted academic hospitals adjacent to an HDO under a ransomware cyberattack during the pre-attack (April 3-30, 2021), attack (May 1-28, 2021), and post-attack (May 29, 2021-June 25, 2021) phases. INTERVENTIONS None. MEASUREMENTS AND MAIN RESULTS Emergency department and hospital mean daily census, number of CAs, mean daily CA incidence per 1,000 admissions, return of spontaneous circulation, survival to discharge, and survival with favorable neurologic outcome were measured. The study evaluated 78 total CAs: 44 out-of-hospital CAs (OHCAs) and 34 in-hospital CAs. The number of total CAs increased from the pre-attack to attack phase (21 vs. 38; p = 0.03), followed by a decrease in the post-attack phase (38 vs. 19; p = 0.01). The number of total CAs exceeded the cyberattack month forecast (May 2021: 41 observed vs. 27 forecasted cases; 95% CI, 17.0-37.4). OHCA cases also exceeded the forecast (May 2021: 24 observed vs. 12 forecasted cases; 95% CI, 6.0-18.8). Survival with favorable neurologic outcome rates for all CAs decreased, driven by increases in OHCA mortality: survival with favorable neurologic rates for OHCAs decreased from the pre-attack phase to attack phase (40.0% vs. 4.5%; p = 0.02) followed by an increase in the post-attack phase (4.5% vs. 41.2%; p = 0.01). CONCLUSIONS Untargeted hospitals adjacent to ransomware-infected HDOs may see worse outcomes for patients suffering from OHCA. These findings highlight the critical need for cybersecurity disaster planning and resiliency.
Collapse
Affiliation(s)
- Thaidan T Pham
- Department of Medicine, University of California San Diego, San Diego, CA
| | | | - Atul Malhotra
- Department of Medicine, Division of Pulmonary, Critical Care, Sleep Medicine & Physiology, University of California San Diego, San Diego, CA
| | - Christopher A Longhurst
- Department of Medicine, Division of Biomedical Informatics, University of California San Diego, San Diego, CA
- Office of the University of California, San Diego Health Chief Executive Officer, University of California San Diego, San Diego, CA
| | - Diana Hylton
- Department of Anesthesiology, University of California San Diego, San Diego, CA
| | - Christian Dameff
- Department of Medicine, Division of Biomedical Informatics, University of California San Diego, San Diego, CA
- Department of Emergency Medicine, University of California San Diego, San Diego, CA
- Department of Computer Science and Engineering, University of California San Diego, San Diego, CA
| | - Jeffrey Tully
- Department of Anesthesiology, University of California San Diego, San Diego, CA
| | - Gabriel Wardi
- Department of Medicine, Division of Pulmonary, Critical Care, Sleep Medicine & Physiology, University of California San Diego, San Diego, CA
- Department of Emergency Medicine, University of California San Diego, San Diego, CA
| | - Rebecca E Sell
- Department of Medicine, Division of Pulmonary, Critical Care and Sleep Medicine, University of Washington, Seattle, WA
| | - Alex K Pearce
- Department of Medicine, Division of Pulmonary, Critical Care, Sleep Medicine & Physiology, University of California San Diego, San Diego, CA
| |
Collapse
|
2
|
Abbou B, Kessel B, Ben Natan M, Gabbay-Benziv R, Dahan Shriki D, Ophir A, Goldschmid N, Klein A, Roguin A, Dudkiewicz M. When all computers shut down: the clinical impact of a major cyber-attack on a general hospital. Front Digit Health 2024; 6:1321485. [PMID: 38433989 PMCID: PMC10904636 DOI: 10.3389/fdgth.2024.1321485] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 10/14/2023] [Accepted: 02/05/2024] [Indexed: 03/05/2024] Open
Abstract
Importance Healthcare organizations operate in a data-rich environment and depend on digital computerized systems; thus, they may be exposed to cyber threats. Indeed, one of the most vulnerable sectors to hacks and malware is healthcare. However, the impact of cyberattacks on healthcare organizations remains under-investigated. Objective This study aims to describe a major attack on an entire medical center that resulted in a complete shutdown of all computer systems and to identify the critical actions required to resume regular operations. Setting This study was conducted on a public, general, and acute care referral university teaching hospital. Methods We report the different recovery measures on various hospital clinical activities and their impact on clinical work. Results The system malfunction of hospital computers did not reduce the number of heart catheterizations, births, or outpatient clinic visits. However, a sharp drop in surgical activities, emergency room visits, and total hospital occupancy was observed immediately and during the first postattack week. A gradual increase in all clinical activities was detected starting in the second week after the attack, with a significant increase of 30% associated with the restoration of the electronic medical records (EMR) and laboratory module and a 50% increase associated with the return of the imaging module archiving. One limitation of the present study is that, due to its retrospective design, there were no data regarding the number of elective internal care hospitalizations that were considered crucial. Conclusions and relevance The risk of ransomware cyberattacks is growing. Healthcare systems at all levels of the hospital should be aware of this threat and implement protocols should this catastrophic event occur. Careful evaluation of steady computer system recovery weekly enables vital hospital function, even under a major cyberattack. The restoration of EMR, laboratory systems, and imaging archiving modules was found to be the most significant factor that allowed the return to normal clinical hospital work.
Collapse
Affiliation(s)
- Benyamine Abbou
- Hospital Administration, Hillel Yaffe Medical Center, Hadera, Israel
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
| | - Boris Kessel
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Surgical Division, Hillel Yaffe Medical Center, Hadera, Israel
| | - Merav Ben Natan
- Pat Matthews Academic School of Nursing, Hillel Yaffe Medical Center, Hadera, Israel
| | - Rinat Gabbay-Benziv
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Division of Obstetrics and Gynecology, Hillel Yaffe Medical Center, Hadera, Israel
| | | | - Anna Ophir
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Surgical Division, Hillel Yaffe Medical Center, Hadera, Israel
| | - Nimrod Goldschmid
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Risk Management Department, Hillel Yaffe Medical Center, Hadera, Israel
| | - Adi Klein
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Division of Pediatrics, Hillel Yaffe Medical Center, Hadera, Israel
| | - Ariel Roguin
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
- Division of Cardiology, Hillel Yaffe Medical Center, Hadera, Israel
| | - Mickey Dudkiewicz
- Hospital Administration, Hillel Yaffe Medical Center, Hadera, Israel
- Ruth and Bruce Rappaport Faculty of Medicine, Technion – Israel Institute of Technology, Haifa, Israel
| |
Collapse
|
3
|
Razaque A, Yoo J, Bektemyssova G, Alshammari M, Chinibayeva TT, Amanzholova S, Alotaibi A, Umutkulov D. Efficient Internet-of-Things Cyberattack Depletion Using Blockchain-Enabled Software-Defined Networking and 6G Network Technology. Sensors (Basel) 2023; 23:9690. [PMID: 38139535 PMCID: PMC10747852 DOI: 10.3390/s23249690] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Grants] [Track Full Text] [Subscribe] [Scholar Register] [Received: 09/26/2023] [Revised: 11/09/2023] [Accepted: 11/29/2023] [Indexed: 12/24/2023]
Abstract
Low-speed internet can negatively impact incident response by causing delayed detection, ineffective response, poor collaboration, inaccurate analysis, and increased risk. Slow internet speeds can delay the receipt and analysis of data, making it difficult for security teams to access the relevant information and take action, leading to a fragmented and inadequate response. All of these factors can increase the risk of data breaches and other security incidents and their impact on IoT-enabled communication. This study combines virtual network function (VNF) technology with software -defined networking (SDN) called virtual network function software-defined networking (VNFSDN). The adoption of the VNFSDN approach has the potential to enhance network security and efficiency while reducing the risk of cyberattacks. This approach supports IoT devices that can analyze large volumes of data in real time. The proposed VNFSDN can dynamically adapt to changing security requirements and network conditions for IoT devices. VNFSDN uses threat filtration and threat-capturing and decision-driven algorithms to minimize cyber risks for IoT devices and enhance network performance. Additionally, the integrity of IoT devices is safeguarded by addressing the three risk categories of data manipulation, insertion, and deletion. Furthermore, the prioritized delegated proof of stake (PDPoS) consensus variant is integrated with VNFSDN to combat attacks. This variant addresses the scalability issue of blockchain technology by providing a safe and adaptable environment for IoT devices that can quickly be scaled up and down to pull together the changing demands of the organization, allowing IoT devices to efficiently utilize resources. The PDPoS variant provides flexibility to IoT devices to proactively respond to potential security threats, preventing or mitigating the impact of cyberattacks. The proposed VNFSDN dynamically adapts to the changing security requirements and network conditions, improving network resiliency and enabling proactive threat detection. Finally, we compare the proposed VNFSDN to existing state-of-the-art approaches. According to the results, the proposed VNFSDN has a 0.08 ms minimum response time, a 2% packet loss rate, 99.5% network availability, a 99.36% threat detection rate, and a 99.77% detection accuracy with 1% malicious nodes.
Collapse
Affiliation(s)
- Abdul Razaque
- School of Computing, Gachon University, Seongnam 13120, Republic of Korea;
| | - Joon Yoo
- School of Computing, Gachon University, Seongnam 13120, Republic of Korea;
| | - Gulnara Bektemyssova
- Department of Computer Engineering and Information System, International Information Technology University, Almaty 050000, Kazakhstan; (T.T.C.); (D.U.)
| | - Majid Alshammari
- Computers and Information Technology College, Taif University, Taif 26571, Saudi Arabia;
| | - Tolganay T. Chinibayeva
- Department of Computer Engineering and Information System, International Information Technology University, Almaty 050000, Kazakhstan; (T.T.C.); (D.U.)
| | - Saule Amanzholova
- Department of Cybersecurity, International Information Technology University, Almaty 050000, Kazakhstan;
| | - Aziz Alotaibi
- Computers and Information Technology College, Taif University, Taif 26571, Saudi Arabia;
| | - Dauren Umutkulov
- Department of Computer Engineering and Information System, International Information Technology University, Almaty 050000, Kazakhstan; (T.T.C.); (D.U.)
| |
Collapse
|
4
|
Haque S, El-Moussa F, Komninos N, Muttukrishnan R. A Systematic Review of Data-Driven Attack Detection Trends in IoT. Sensors (Basel) 2023; 23:7191. [PMID: 37631728 PMCID: PMC10457981 DOI: 10.3390/s23167191] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Subscribe] [Scholar Register] [Received: 06/30/2023] [Revised: 08/08/2023] [Accepted: 08/09/2023] [Indexed: 08/27/2023]
Abstract
The Internet of Things is perhaps a concept that the world cannot be imagined without today, having become intertwined in our everyday lives in the domestic, corporate and industrial spheres. However, irrespective of the convenience, ease and connectivity provided by the Internet of Things, the security issues and attacks faced by this technological framework are equally alarming and undeniable. In order to address these various security issues, researchers race against evolving technology, trends and attacker expertise. Though much work has been carried out on network security to date, it is still seen to be lagging in the field of Internet of Things networks. This study surveys the latest trends used in security measures for threat detection, primarily focusing on the machine learning and deep learning techniques applied to Internet of Things datasets. It aims to provide an overview of the IoT datasets available today, trends in machine learning and deep learning usage, and the efficiencies of these algorithms on a variety of relevant datasets. The results of this comprehensive survey can serve as a guide and resource for identifying the various datasets, experiments carried out and future research directions in this field.
Collapse
Affiliation(s)
- Safwana Haque
- Department of Electrical and Electronic Engineering, School of Science & Technology, City, University of London, Northampton Square, London EC1V 0HB, UK; (S.H.); (N.K.)
| | | | - Nikos Komninos
- Department of Electrical and Electronic Engineering, School of Science & Technology, City, University of London, Northampton Square, London EC1V 0HB, UK; (S.H.); (N.K.)
| | - Rajarajan Muttukrishnan
- Department of Electrical and Electronic Engineering, School of Science & Technology, City, University of London, Northampton Square, London EC1V 0HB, UK; (S.H.); (N.K.)
| |
Collapse
|
5
|
Portela D, Nogueira-Leite D, Almeida R, Cruz-Correia R. Economic Impact of a Hospital Cyberattack in a National Health System: Descriptive Case Study. JMIR Form Res 2023; 7:e41738. [PMID: 37389934 PMCID: PMC10365569 DOI: 10.2196/41738] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 08/06/2022] [Revised: 04/24/2023] [Accepted: 05/10/2023] [Indexed: 07/01/2023] Open
Abstract
BACKGROUND Over the last decade, the frequency and size of cyberattacks in the health care industry have increased, ranging from breaches of processes or networks to encryption of files that restrict access to data. These attacks may have multiple consequences for patient safety, as they can, for example, target electronic health records, access to critical information, and support for critical systems, thereby causing delays in hospital activities. The effects of cybersecurity breaches are not only a threat to patients' lives but also have financial consequences due to causing inactivity in health care systems. However, publicly available information on these incidents quantifying their impact is scarce. OBJECTIVE We aim, while using public domain data from Portugal, to (1) identify data breaches in the public national health system since 2017 and (2) measure the economic impact using a hypothesized scenario as a case study. METHODS We retrieved data from multiple national and local media sources on cybersecurity from 2017 until 2022 and built a timeline of attacks. In the absence of public information on cyberattacks, reported drops in activity were estimated using a hypothesized scenario for affected resources and percentages and duration of inactivity. Only direct costs were considered for estimates. Data for estimates were produced based on planned activity through the hospital contract program. We use sensitivity analysis to illustrate how a midlevel ransomware attack might impact health institutions' daily costs (inferring a potential range of values based on assumptions). Given the heterogeneity of our included parameters, we also provide a tool for users to distinguish such impacts of different attacks on institutions according to different contract programs, served population size, and proportion of inactivity. RESULTS From 2017 to 2022, we were able to identify 6 incidents in Portuguese public hospitals using public domain data (there was 1 incident each year and 2 in 2018). Financial impacts were obtained from a cost point of view, where estimated values have a minimum-to-maximum range of €115,882.96 to €2,317,659.11 (a currency exchange rate of €1=US $1.0233 is applicable). Costs of this range and magnitude were inferred assuming different percentages of affected resources and with different numbers of working days while considering the costs of external consultation, hospitalization, and use of in- and outpatient clinics and emergency rooms, for a maximum of 5 working days. CONCLUSIONS To enhance cybersecurity capabilities at hospitals, it is important to provide robust information to support decision-making. Our study provides valuable information and preliminary insights that can help health care organizations better understand the costs and risks associated with cyber threats and improve their cybersecurity strategies. Additionally, it demonstrates the importance of adopting effective preventive and reactive strategies, such as contingency plans, as well as enhanced investment in improving cybersecurity capabilities in this critical area while aiming to achieve cyber-resilience.
Collapse
Affiliation(s)
- Diana Portela
- Department of Community Medicine, Information and Health Decision Sciences (MEDCIDS), Faculty of Medicine, University of Porto, Porto, Portugal
- Doctoral Programme in Health Data Science (HEADS), Faculty of Medicine, University of Porto, Porto, Portugal
| | - Diogo Nogueira-Leite
- Department of Community Medicine, Information and Health Decision Sciences (MEDCIDS), Faculty of Medicine, University of Porto, Porto, Portugal
- Doctoral Programme in Health Data Science (HEADS), Faculty of Medicine, University of Porto, Porto, Portugal
- Nova School of Business and Economics Health Economics and Management Knowledge Center, New University of Lisbon, Lisbon, Portugal
- eMAIS: Movimento Associação dos Sistemas de Informação em Saúde, Porto, Portugal
| | - Rafael Almeida
- Department of Community Medicine, Information and Health Decision Sciences (MEDCIDS), Faculty of Medicine, University of Porto, Porto, Portugal
- eMAIS: Movimento Associação dos Sistemas de Informação em Saúde, Porto, Portugal
| | - Ricardo Cruz-Correia
- Department of Community Medicine, Information and Health Decision Sciences (MEDCIDS), Faculty of Medicine, University of Porto, Porto, Portugal
- Doctoral Programme in Health Data Science (HEADS), Faculty of Medicine, University of Porto, Porto, Portugal
- eMAIS: Movimento Associação dos Sistemas de Informação em Saúde, Porto, Portugal
| |
Collapse
|
6
|
Alqudhaibi A, Albarrak M, Aloseel A, Jagtap S, Salonitis K. Predicting Cybersecurity Threats in Critical Infrastructure for Industry 4.0: A Proactive Approach Based on Attacker Motivations. Sensors (Basel) 2023; 23:s23094539. [PMID: 37177743 PMCID: PMC10181696 DOI: 10.3390/s23094539] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Subscribe] [Scholar Register] [Received: 03/23/2023] [Revised: 04/26/2023] [Accepted: 05/05/2023] [Indexed: 05/15/2023]
Abstract
In Industry 4.0, manufacturing and critical systems require high levels of flexibility and resilience for dynamic outcomes. Industrial Control Systems (ICS), specifically Supervisory Control and Data Acquisition (SCADA) systems, are commonly used for operation and control of Critical Infrastructure (CI). However, due to the lack of security controls, standards, and proactive security measures in the design of these systems, they have security risks and vulnerabilities. Therefore, efficient and effective security solutions are needed to secure the conjunction between CI and I4.0 applications. This paper predicts potential cyberattacks and threats against CI systems by considering attacker motivations and using machine learning models. The approach presents a novel cybersecurity prediction technique that forecasts potential attack methods, depending on specific CI and attacker motivations. The proposed model's accuracy in terms of False Positive Rate (FPR) reached 66% with the trained and test datasets. This proactive approach predicts potential attack methods based on specific CI and attacker motivations, and doubling the trained data sets will improve the accuracy of the proposed model in the future.
Collapse
Affiliation(s)
- Adel Alqudhaibi
- School of Aerospace Transport and Manufacturing (SATM), Cranfield University, Cranfield MK43 0AL, UK
| | - Majed Albarrak
- School of Information Studies, Syracuse University, Syracuse, NY 13244, USA
| | - Abdulmohsan Aloseel
- School of Aerospace Transport and Manufacturing (SATM), Cranfield University, Cranfield MK43 0AL, UK
| | - Sandeep Jagtap
- School of Aerospace Transport and Manufacturing (SATM), Cranfield University, Cranfield MK43 0AL, UK
| | - Konstantinos Salonitis
- School of Aerospace Transport and Manufacturing (SATM), Cranfield University, Cranfield MK43 0AL, UK
| |
Collapse
|
7
|
Gabbay-Benziv R, Ben-Natan M, Roguin A, Abbou B, Ofir A, Klein A, Dahan-Shriki D, Hallak M, Kessel B, Dudkiewicz M. When the lights go down in the delivery room: Lessons from a ransomware attack. Int J Gynaecol Obstet 2023. [PMID: 36740900 DOI: 10.1002/ijgo.14687] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 09/11/2022] [Revised: 12/05/2022] [Accepted: 01/04/2023] [Indexed: 02/07/2023]
Abstract
OBJECTIVE To describe the challenges facing the obstetric division following a cyberattack and discuss ways of preparing for and overcoming another one. METHODS A retrospective descriptive study conducted in a mid-sized medical center. Division activities, including the number of deliveries, cesarean sections, emergency room visits, admissions, maternal-fetal medicine department occupancy, and ambulatory encounters, from 2 weeks before the attack to 8 weeks following it (a total of 11 weeks), were compared with the retrospective period in 2019 (pre-COVID-19). In addition, we present the challenges and adaptation measures taken at the division and hospital levels leading up to the resumption of full division activity. RESULTS On the day of the cyberattack, critical decisions were made. The media announced the event, calling on patients not to come to our hospital. Also, all elective activities other than cesarean deliveries were stopped. The number of deliveries, admissions, and both emergency room and ambulatory clinic visits decreased by 5%-10% overall for 11 weeks, reflecting the decrease in division activity. Nevertheless, in all stations, there were sufficient activities and adaptation measures to ensure patient safety, decision-making, and workflow of patients were accounted for. CONCLUSIONS The risk of ransomware cyberattacks is growing. Healthcare systems at all levels should recognize this threat and have protocols for dealing with them once they occur.
Collapse
Affiliation(s)
- Rinat Gabbay-Benziv
- Department of Obstetrics and Gynecology Division, Hillel Yaffe Medical Center, Hadera, Israel.,The Ruth and Bruce Rappaport Faculty of Medicine, Haifa, Israel
| | - Merav Ben-Natan
- The Ruth and Bruce Rappaport Faculty of Medicine, Haifa, Israel.,Department of Hospital Administration, Hillel Yaffe Medical Center, Hadera, Israel
| | - Ariel Roguin
- The Ruth and Bruce Rappaport Faculty of Medicine, Haifa, Israel.,Department of Cardiology Department, Hillel Yaffe Medical Center, Hadera, Israel
| | - Benyamine Abbou
- The Ruth and Bruce Rappaport Faculty of Medicine, Haifa, Israel.,Department of Hospital Administration, Hillel Yaffe Medical Center, Hadera, Israel
| | - Anna Ofir
- The Ruth and Bruce Rappaport Faculty of Medicine, Haifa, Israel.,Department of Hospital Administration, Hillel Yaffe Medical Center, Hadera, Israel
| | - Adi Klein
- The Ruth and Bruce Rappaport Faculty of Medicine, Haifa, Israel.,Department of Pediatric Department, Hillel Yaffe Medical Center, Hadera, Israel
| | - Dikla Dahan-Shriki
- The Ruth and Bruce Rappaport Faculty of Medicine, Haifa, Israel.,Department of Hospital Administration, Hillel Yaffe Medical Center, Hadera, Israel
| | - Mordechai Hallak
- Department of Obstetrics and Gynecology Division, Hillel Yaffe Medical Center, Hadera, Israel.,The Ruth and Bruce Rappaport Faculty of Medicine, Haifa, Israel
| | - Boris Kessel
- The Ruth and Bruce Rappaport Faculty of Medicine, Haifa, Israel.,Department of Surgical Division, Hillel Yaffe Medical Center, Hadera, Israel
| | - Mickey Dudkiewicz
- The Ruth and Bruce Rappaport Faculty of Medicine, Haifa, Israel.,Department of Hospital Administration, Hillel Yaffe Medical Center, Hadera, Israel
| |
Collapse
|
8
|
O'Shea K, Coleman L, Fahy L, Kleefeld C, Foley MJ, Moore M. Compensation for radiotherapy treatment interruptions due to a cyberattack: An isoeffective DVH-based dose compensation decision tool. J Appl Clin Med Phys 2022; 23:e13716. [PMID: 35856482 PMCID: PMC9512352 DOI: 10.1002/acm2.13716] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Figures] [Journal Information] [Subscribe] [Scholar Register] [Received: 12/01/2021] [Revised: 03/17/2022] [Accepted: 06/10/2022] [Indexed: 11/28/2022] Open
Abstract
Unscheduled interruptions to radiotherapy treatments lead to decreased tumor control probability (TCP). Rapid cell repopulation in the tumor increases due to the absence of radiation dose, resulting in the loss of TCP. Compensation for this loss is required to prevent or reduce an extension of the patient's overall treatment time and regain the original TCP. The cyberattack on the Irish public health service in May 2021 prevented radiotherapy treatment delivery resulting in treatment interruptions of up to 12 days. Current standards for treatment gap calculations are performed using the Royal College of Radiologists (RCR) methodology, using a point‐dose for planning target volume (PTV) and the organs at risk (OAR). An in‐house tool, named EQD2VH, was created in Python to perform treatment gap calculations using the dose–volume histogram (DVH) information in DICOM data extracted from commercial treatment planning system plans. The physical dose in each dose bin was converted into equivalent dose in 2‐Gy fractions (EQD2), accounting for tumor cell repopulation. This EQD2‐based DVH provides a 2D representation of the impact of treatment gap compensation strategies on both PTV and OAR dose distributions compared to the intended prescribed treatment plan. This additional information can aid clinicians’ choice of compensation options. EQD2VH was evaluated using five high‐priority patients experiencing a treatment interruption when the cyberattack occurred. Compensation plans were created using the RCR methodology to evaluate EQD2VH as a decision‐making tool. The EQD2VH method demonstrated that the comparison of compensated treatment plans alongside the original intended treatment plans using isoeffective DVH analysis can be achieved. It enabled a visual and quantitative comparison between treatment plan options and provided an individual analysis of each structure in a patient's plan. It demonstrated potential to be a useful decision‐making tool for finding a balance between optimizing dose to PTV while protecting OARs.
Collapse
Affiliation(s)
- Katie O'Shea
- School of Physics, National University of Ireland Galway, Galway, Ireland
| | - Linda Coleman
- Department of Medical Physics and Clinical Engineering, University Hospital Galway, Galway, Ireland
| | - Louise Fahy
- Department of Medical Physics and Clinical Engineering, University Hospital Galway, Galway, Ireland
| | - Christoph Kleefeld
- School of Physics, National University of Ireland Galway, Galway, Ireland.,Department of Medical Physics and Clinical Engineering, University Hospital Galway, Galway, Ireland
| | - Mark J Foley
- School of Physics, National University of Ireland Galway, Galway, Ireland
| | - Margaret Moore
- Department of Medical Physics and Clinical Engineering, University Hospital Galway, Galway, Ireland
| |
Collapse
|
9
|
Hajjaj OI, Modi D, Owens W, Duybestyn A, Thompson T, Callum JL. The burden of cyberattacks on blood management and conservation efforts. Transfusion 2022; 62:1149-1151. [PMID: 35526230 DOI: 10.1111/trf.16860] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Received: 01/04/2022] [Revised: 02/14/2022] [Accepted: 03/12/2022] [Indexed: 11/27/2022]
Affiliation(s)
- Omar I Hajjaj
- Department of Laboratory Medicine and Molecular Diagnostics, Sunnybrook Health Sciences Centre, Toronto, Ontario, Canada
| | - Dimpy Modi
- Department of Laboratory Medicine and Molecular Diagnostics, Sunnybrook Health Sciences Centre, Toronto, Ontario, Canada
- Department of Medicine, McMaster University, Hamilton, Ontario, Canada
| | - Wendy Owens
- Ontario Regional Blood Coordinating Network Office, Toronto, Ontario, Canada
| | - Andrew Duybestyn
- Ontario Regional Blood Coordinating Network Office, Toronto, Ontario, Canada
| | - Troy Thompson
- Ontario Regional Blood Coordinating Network Office, Toronto, Ontario, Canada
| | - Jeannie L Callum
- Department of Laboratory Medicine and Molecular Diagnostics, Sunnybrook Health Sciences Centre, Toronto, Ontario, Canada
- Department of Laboratory Medicine and Pathobiology, University of Toronto, Toronto, Ontario, Canada
- Department of Pathology and Molecular Medicine, Kingston Health Sciences Centre and Queen's University, Kingston, Ontario, Canada
| |
Collapse
|
10
|
Strong H, Pickles A, Hartery A. Lessons Learned from a Cyberattack on the Healthcare System of Newfoundland and Labrador: A Radiology Perspective. Can Assoc Radiol J 2022; 73:601-602. [PMID: 35199607 DOI: 10.1177/08465371221081549] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Key Words] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 11/17/2022] Open
Affiliation(s)
- Hilary Strong
- Discipline of Radiology, Faculty of Medicine, 7512Memorial University of Newfoundland, Health Sciences Centre, St John's, NL, Canada
| | - Angela Pickles
- Discipline of Radiology, Faculty of Medicine, 7512Memorial University of Newfoundland, Health Sciences Centre, St John's, NL, Canada
| | - Angus Hartery
- Discipline of Radiology, Faculty of Medicine, 7512Memorial University of Newfoundland, Health Sciences Centre, St John's, NL, Canada
| |
Collapse
|
11
|
Goldstein JC, Goldstein HV. Intraoperative cyberattacks: cyberthreat awareness and cyber-resilience strategies in anesthesia. Can J Anaesth 2021; 68:1838-9. [PMID: 34494225 DOI: 10.1007/s12630-021-02102-2] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Key Words] [Track Full Text] [Download PDF] [Journal Information] [Subscribe] [Scholar Register] [Received: 08/24/2021] [Revised: 08/24/2021] [Accepted: 08/25/2021] [Indexed: 11/27/2022] Open
|
12
|
Poleto T, Silva MM, Clemente TRN, de Gusmão APH, Araújo APDB, Costa APCS. A Risk Assessment Framework Proposal Based on Bow-Tie Analysis for Medical Image Diagnosis Sharing within Telemedicine. Sensors (Basel) 2021; 21:s21072426. [PMID: 33915932 PMCID: PMC8037815 DOI: 10.3390/s21072426] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.7] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Download PDF] [Figures] [Subscribe] [Scholar Register] [Received: 12/09/2020] [Revised: 01/05/2021] [Accepted: 01/11/2021] [Indexed: 01/07/2023]
Abstract
The purpose of this paper is to propose a framework for cybersecurity risk management in telemedicine. The framework, which uses a bow-tie approach for medical image diagnosis sharing, allows the identification, analysis, and assessment of risks, considering the ISO/TS 13131:2014 recommendations. The bow-tie method combines fault tree analysis (FTA) and event tree analysis (ETA). The literature review supported the identification of the main causes and forms of control associated with cybersecurity risks in telemedicine. The main finding of this paper is that it is possible, through a structured model, to manage risks and avoid losses for everyone involved in the process of exchanging medical image information through telemedicine services. Through the framework, those responsible for the telemedicine services can identify potential risks in cybersecurity and act preventively, recognizing the causes even as, in a mitigating way, identifying viable controls and prioritizing investments. Despite the existence of many studies on cybersecurity, the paper provides theoretical contributions to studies on cybersecurity risks and features a new methodological approach, which incorporates both causes and consequences of the incident scenario.
Collapse
Affiliation(s)
- Thiago Poleto
- Department of Business Administration, Federal University of Pará, Belém 66075-110, Brazil
- Correspondence:
| | - Maisa Mendonça Silva
- Department of Management Engineering, Universidade Federal de Pernambuco, Recife 50670-901, Brazil; (M.M.S.); (A.P.d.B.A.); (A.P.C.S.C.)
| | | | | | - Ana Paula de Barros Araújo
- Department of Management Engineering, Universidade Federal de Pernambuco, Recife 50670-901, Brazil; (M.M.S.); (A.P.d.B.A.); (A.P.C.S.C.)
| | - Ana Paula Cabral Seixas Costa
- Department of Management Engineering, Universidade Federal de Pernambuco, Recife 50670-901, Brazil; (M.M.S.); (A.P.d.B.A.); (A.P.C.S.C.)
| |
Collapse
|
13
|
Linkov V, Zámečník P, Havlíčková D, Pai CW. Human Factors in the Cybersecurity of Autonomous Vehicles: Trends in Current Research. Front Psychol 2019; 10:995. [PMID: 31130903 PMCID: PMC6509749 DOI: 10.3389/fpsyg.2019.00995] [Citation(s) in RCA: 23] [Impact Index Per Article: 4.6] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Download PDF] [Journal Information] [Subscribe] [Scholar Register] [Received: 12/14/2018] [Accepted: 04/15/2019] [Indexed: 11/13/2022] Open
Abstract
The cybersecurity of autonomous vehicles (AVs) is an important emerging area of research in traffic safety. Because human failure is the most common reason for a successful cyberattack, human-factor researchers and psychologists might improve AV cybersecurity by researching how to decrease the probability of a successful attack. We review some areas of research connected to the human factor in cybersecurity and find many potential issues. Psychologists might research the characteristics of people prone to cybersecurity failure, the types of scenarios they fail in and the factors that influence this failure or over-trust of AV. Human behavior during a cyberattack might be researched, as well as how to educate people about cybersecurity. Multitasking has an effect on the ability to defend against a cyberattack and research is needed to set the appropriate policy. Human-resource researchers might investigate the skills required for personnel working in AV cybersecurity and how to detect potential defectors early. The psychological profile of cyber attackers should be investigated to be able to set policies to decrease their motivation. Finally, the decrease of driver's driving skills as a result of using AV and its connection to cybersecurity skills is also worth of research.
Collapse
Affiliation(s)
- Václav Linkov
- Department of Traffic Psychology, CDV – Transport Research Centre, Brno, Czechia
| | - Petr Zámečník
- Department of Traffic Psychology, CDV – Transport Research Centre, Brno, Czechia
| | - Darina Havlíčková
- Department of Traffic Psychology, CDV – Transport Research Centre, Brno, Czechia
| | - Chih-Wei Pai
- Graduate Institute of Injury Prevention and Control, College of Public Health, Taipei Medical University, Taipei, Taiwan
| |
Collapse
|