We have located links that may give you full text access.
English Abstract
Journal Article
[Resilience against IT attacks in hospitals : Results from an exercise in a German university hospital].
Anaesthesiologie 2023 September 20
BACKGROUND: According to the legal definition healthcare systems and their components (e.g., hospitals) are part of the critical infrastructure of modern industrial nations. During the last few years hospitals increasingly became targets of cyber attacks causing severe impairment of their operability for weeks or even months. According to the German federal strategy for protection of critical infrastructures (KRITIS strategy), hospitals are obligated to take precautions against potential cyber attacks or other IT incidents.
OBJECTIVE: This article describes the process of planning, execution and results of an advanced table-top exercise which took place in a university hospital in Germany and simulated the first 3 days after a cyber attack causing a total failure of highly critical IT systems.
MATERIAL AND METHODS: During a first stage lasting about 8 months IT-dependent processes within the clinical routine were identified and analyzed. Then paper-based and off-line back-up processes and workarounds were developed and department-specific emergency plans were defined. Finally, selected central facilities such as pharmacy, laboratory, radiology, IT and the hospitals crisis management team took part in the actual disaster exercise. Afterwards the participants were asked to evaluate the exercise and the hospitals cyber security using a questionnaire. On this basis the authors visualized the hospital's resilience against cyber incidents and defined short-term, medium-term and long-term needs for action.
RESULTS: Of the participants 85% assessed the exercise as beneficial, 97% indicated that they received adequate support during the preparations and 75% had received sufficient information; however, only 34% had the opinion that the hospital's and their own preparedness against critical IT failures were sufficient. Before the exercise took place, IT-specific emergency plans were present only in 1.7% of the hospital facilities but after the exercise in 86.7% of the clinical and technical departments. The highest resilience against cyber attacks was not surprisingly reported by facilities that still work routinely with paper-based or off-line processes, the IT department showed the lowest resilience as it would come to a complete shutdown in cases of a total IT failure.
CONCLUSION: The authors concluded that the planning phase is the most important stage of developing the whole exercise, giving the best opportunity for working out fallback levels and workarounds and through this strengthen the hospitals resilience against cyber attacks and comparable incidents. A meticulous preparedness can minimize the severe effects a total IT failure can cause on patient care, staff and the hospital as a whole.
OBJECTIVE: This article describes the process of planning, execution and results of an advanced table-top exercise which took place in a university hospital in Germany and simulated the first 3 days after a cyber attack causing a total failure of highly critical IT systems.
MATERIAL AND METHODS: During a first stage lasting about 8 months IT-dependent processes within the clinical routine were identified and analyzed. Then paper-based and off-line back-up processes and workarounds were developed and department-specific emergency plans were defined. Finally, selected central facilities such as pharmacy, laboratory, radiology, IT and the hospitals crisis management team took part in the actual disaster exercise. Afterwards the participants were asked to evaluate the exercise and the hospitals cyber security using a questionnaire. On this basis the authors visualized the hospital's resilience against cyber incidents and defined short-term, medium-term and long-term needs for action.
RESULTS: Of the participants 85% assessed the exercise as beneficial, 97% indicated that they received adequate support during the preparations and 75% had received sufficient information; however, only 34% had the opinion that the hospital's and their own preparedness against critical IT failures were sufficient. Before the exercise took place, IT-specific emergency plans were present only in 1.7% of the hospital facilities but after the exercise in 86.7% of the clinical and technical departments. The highest resilience against cyber attacks was not surprisingly reported by facilities that still work routinely with paper-based or off-line processes, the IT department showed the lowest resilience as it would come to a complete shutdown in cases of a total IT failure.
CONCLUSION: The authors concluded that the planning phase is the most important stage of developing the whole exercise, giving the best opportunity for working out fallback levels and workarounds and through this strengthen the hospitals resilience against cyber attacks and comparable incidents. A meticulous preparedness can minimize the severe effects a total IT failure can cause on patient care, staff and the hospital as a whole.
Full text links
Related Resources
Trending Papers
Revascularization Strategy in Myocardial Infarction with Multivessel Disease.Journal of Clinical Medicine 2024 March 27
Intravenous infusion of dexmedetomidine during the surgery to prevent postoperative delirium and postoperative cognitive dysfunction undergoing non-cardiac surgery: a meta-analysis of randomized controlled trials.European Journal of Medical Research 2024 April 19
The Tricuspid Valve: A Review of Pathology, Imaging, and Current Treatment Options: A Scientific Statement From the American Heart Association.Circulation 2024 April 26
Consensus Statement on Vitamin D Status Assessment and Supplementation: Whys, Whens, and Hows.Endocrine Reviews 2024 April 28
Management of Diverticulitis: A Review.JAMA Surgery 2024 April 18
Interstitial Lung Disease: A Review.JAMA 2024 April 23
Get seemless 1-tap access through your institution/university
For the best experience, use the Read mobile app
All material on this website is protected by copyright, Copyright © 1994-2024 by WebMD LLC.
This website also contains material copyrighted by 3rd parties.
By using this service, you agree to our terms of use and privacy policy.
Your Privacy Choices 
You can now claim free CME credits for this literature searchClaim now
Get seemless 1-tap access through your institution/university
For the best experience, use the Read mobile app