Assessing resilience of hospitals to cyberattack
Objective This paper investigates the impact on emergency hospital services from initiation through recovery of a ransomware attack affecting the emergency department, intensive care unit and supporting laboratory services. Recovery strategies of paying ransom to the attackers with follow-on restora...
Guardado en:
| Autores principales: | , , , , |
|---|---|
| Formato: | article |
| Lenguaje: | EN |
| Publicado: |
SAGE Publishing
2021
|
| Materias: | |
| Acceso en línea: | https://doaj.org/article/245248421d7643ac8e9f348ac5bf40fa |
| Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| id |
oai:doaj.org-article:245248421d7643ac8e9f348ac5bf40fa |
|---|---|
| record_format |
dspace |
| spelling |
oai:doaj.org-article:245248421d7643ac8e9f348ac5bf40fa2021-12-01T00:05:00ZAssessing resilience of hospitals to cyberattack2055-207610.1177/20552076211059366https://doaj.org/article/245248421d7643ac8e9f348ac5bf40fa2021-11-01T00:00:00Zhttps://doi.org/10.1177/20552076211059366https://doaj.org/toc/2055-2076Objective This paper investigates the impact on emergency hospital services from initiation through recovery of a ransomware attack affecting the emergency department, intensive care unit and supporting laboratory services. Recovery strategies of paying ransom to the attackers with follow-on restoration and in-house full system restoration from backup are compared. Methods A multi-unit, patient-based and resource-constrained discrete-event simulation model of a typical U.S. urban tertiary hospital is adapted to model the attack, its impacts, and tested recovery strategies. The model is used to quantify the hospital's resilience to cyberattack. Insights were gleaned from systematically designed numerical experiments. Results While paying the ransom was found to result in some short-term gains assuming the perpetrators actually provide the decryption key as promised, in the longer term, the results of this study suggest that paying the ransom does not pay off. Rather, paying the ransom, when considered at the end of the event when services are fully restored, precluded significantly more patients from receiving critically needed care. Also noted was a lag in recovery for the intensive care unit as compared with the emergency department. Such a lag must be considered in preparedness plans. Conclusion Vulnerability to cyberattacks is a major challenge to the healthcare system. This paper provides a methodology for assessing the resilience of a hospital to cyberattacks and analyzing the effects of different response strategies. The model showed that paying the ransom resulted in short-term gains but did not pay off in the longer term.Hadi GhayoomiKathryn LaskeyElise Miller-HooksCharles HooksMersedeh TariverdiSAGE PublishingarticleComputer applications to medicine. Medical informaticsR858-859.7ENDigital Health, Vol 7 (2021) |
| institution |
DOAJ |
| collection |
DOAJ |
| language |
EN |
| topic |
Computer applications to medicine. Medical informatics R858-859.7 |
| spellingShingle |
Computer applications to medicine. Medical informatics R858-859.7 Hadi Ghayoomi Kathryn Laskey Elise Miller-Hooks Charles Hooks Mersedeh Tariverdi Assessing resilience of hospitals to cyberattack |
| description |
Objective This paper investigates the impact on emergency hospital services from initiation through recovery of a ransomware attack affecting the emergency department, intensive care unit and supporting laboratory services. Recovery strategies of paying ransom to the attackers with follow-on restoration and in-house full system restoration from backup are compared. Methods A multi-unit, patient-based and resource-constrained discrete-event simulation model of a typical U.S. urban tertiary hospital is adapted to model the attack, its impacts, and tested recovery strategies. The model is used to quantify the hospital's resilience to cyberattack. Insights were gleaned from systematically designed numerical experiments. Results While paying the ransom was found to result in some short-term gains assuming the perpetrators actually provide the decryption key as promised, in the longer term, the results of this study suggest that paying the ransom does not pay off. Rather, paying the ransom, when considered at the end of the event when services are fully restored, precluded significantly more patients from receiving critically needed care. Also noted was a lag in recovery for the intensive care unit as compared with the emergency department. Such a lag must be considered in preparedness plans. Conclusion Vulnerability to cyberattacks is a major challenge to the healthcare system. This paper provides a methodology for assessing the resilience of a hospital to cyberattacks and analyzing the effects of different response strategies. The model showed that paying the ransom resulted in short-term gains but did not pay off in the longer term. |
| format |
article |
| author |
Hadi Ghayoomi Kathryn Laskey Elise Miller-Hooks Charles Hooks Mersedeh Tariverdi |
| author_facet |
Hadi Ghayoomi Kathryn Laskey Elise Miller-Hooks Charles Hooks Mersedeh Tariverdi |
| author_sort |
Hadi Ghayoomi |
| title |
Assessing resilience of hospitals to cyberattack |
| title_short |
Assessing resilience of hospitals to cyberattack |
| title_full |
Assessing resilience of hospitals to cyberattack |
| title_fullStr |
Assessing resilience of hospitals to cyberattack |
| title_full_unstemmed |
Assessing resilience of hospitals to cyberattack |
| title_sort |
assessing resilience of hospitals to cyberattack |
| publisher |
SAGE Publishing |
| publishDate |
2021 |
| url |
https://doaj.org/article/245248421d7643ac8e9f348ac5bf40fa |
| work_keys_str_mv |
AT hadighayoomi assessingresilienceofhospitalstocyberattack AT kathrynlaskey assessingresilienceofhospitalstocyberattack AT elisemillerhooks assessingresilienceofhospitalstocyberattack AT charleshooks assessingresilienceofhospitalstocyberattack AT mersedehtariverdi assessingresilienceofhospitalstocyberattack |
| _version_ |
1718406128626302976 |