AUTHOR=Abbou Benyamine , Kessel Boris , Ben Natan Merav , Gabbay-Benziv Rinat , Dahan Shriki Dikla , Ophir Anna , Goldschmid Nimrod , Klein Adi , Roguin Ariel , Dudkiewicz Mickey TITLE=When all computers shut down: the clinical impact of a major cyber-attack on a general hospital JOURNAL=Frontiers in Digital Health VOLUME=6 YEAR=2024 URL=https://www.frontiersin.org/journals/digital-health/articles/10.3389/fdgth.2024.1321485 DOI=10.3389/fdgth.2024.1321485 ISSN=2673-253X ABSTRACT=Importance

Healthcare organizations operate in a data-rich environment and depend on digital computerized systems; thus, they may be exposed to cyber threats. Indeed, one of the most vulnerable sectors to hacks and malware is healthcare. However, the impact of cyberattacks on healthcare organizations remains under-investigated.

Objective

This study aims to describe a major attack on an entire medical center that resulted in a complete shutdown of all computer systems and to identify the critical actions required to resume regular operations.

Setting

This study was conducted on a public, general, and acute care referral university teaching hospital.

Methods

We report the different recovery measures on various hospital clinical activities and their impact on clinical work.

Results

The system malfunction of hospital computers did not reduce the number of heart catheterizations, births, or outpatient clinic visits. However, a sharp drop in surgical activities, emergency room visits, and total hospital occupancy was observed immediately and during the first postattack week. A gradual increase in all clinical activities was detected starting in the second week after the attack, with a significant increase of 30% associated with the restoration of the electronic medical records (EMR) and laboratory module and a 50% increase associated with the return of the imaging module archiving. One limitation of the present study is that, due to its retrospective design, there were no data regarding the number of elective internal care hospitalizations that were considered crucial.

Conclusions and relevance

The risk of ransomware cyberattacks is growing. Healthcare systems at all levels of the hospital should be aware of this threat and implement protocols should this catastrophic event occur. Careful evaluation of steady computer system recovery weekly enables vital hospital function, even under a major cyberattack. The restoration of EMR, laboratory systems, and imaging archiving modules was found to be the most significant factor that allowed the return to normal clinical hospital work.