Anatomy of a Cyberattack: Part 2: Managing a Clinical Pathology Laboratory During 25 Days of Downtime

Goodwin, Andrew; Wilburn, Clayton; Wojewoda, Christina; Mesec, Jessica; Cacciatore, Lori S; Grove, Staci-Anne; Hajder, Armina; Stowman, Anne M.

doi:10.1093/ajcp/aqab213

Cited by 3 publications

(3 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our hospital was the victim of a cyberattack, causing a complete shutdown of all computer systems for 25 days. [1][2][3][4] In the AP laboratory, we were forced to make decisions on specimen processing, risk management, staffing, and resource management in a high-stress environment, with impaired communication channels, lack of an EHR or any computer connectivity, and no prior experience running an AP laboratory entirely manually. Our routine downtime procedure could not support the system for a prolonged period, and as the work continued to come through the receiving window, we recognized the immediate need for action and coordination.…”

Section: Discussionmentioning

confidence: 99%

“…Our hospital was the victim of a cyberattack, causing a complete shutdown of all computer systems for 25 days 1–4 . In the AP laboratory, we were forced to make decisions on specimen processing, risk management, staffing, and resource management in a high-stress environment, with impaired communication channels, lack of an EHR or any computer connectivity, and no prior experience running an AP laboratory entirely manually.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Surviving a Cyberattack in Anatomic Pathology: Disaster Response and Creation of an Incident Command System

Stowman¹,

Kalof²

2022

AJSP: Reviews and Reports

View full text Add to dashboard Cite

Laboratories are increasingly reliant on networked electronic health information systems and therefore especially vulnerable to prolonged downtimes for a variety of reasons, which can be planned or unanticipated events. Our hospital was the victim of a cyberattack causing a complete shutdown of all computer systems, a downtime that lasted 25 days. The effects were devastating for patients, hospital employees, financials, public opinion, and hospital operations. After a week of downtime in the anatomic pathology laboratory, it became evident that our laboratory needed to rethink our organizational structure in order to regain operational status. It was then that we developed an Incident Command System, which allowed for 2-way communication and provided the adaptability and support needed to respond to the rapid process changes needed during the crisis.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Surviving a Cyberattack in Anatomic Pathology: Disaster Response and Creation of an Incident Command System

Stowman¹,

Kalof²

2022

AJSP: Reviews and Reports

View full text Add to dashboard Cite

show abstract

“…Maintaining a separate data replicate away from the CIS's network can also potentially help with recovery from another disaster – malware attack. Some forms of cyberattack, such as ransomware, prevent user data access through encryption as was experienced by University of Vermont Medical Center in 2020 forcing 25 days of downtime operations 2–5 . In such instances, data replicates, if outside of the affected systems, can provide an accessible data source for downtime and recovery operations.…”

Section: Data Replicationmentioning

confidence: 99%

How do we leverage data through replication and warehousing to meet blood collection and transfusion service needs

Juskewitch,

Briggs,

Khan

et al. 2024

Transfusion

View full text Add to dashboard Cite

BackgroundWith the widespread adoption of Blood Establishment Computer Systems and other Blood Collection and Transfusion Service (BCTS) clinical information systems (CIS), electronic blood donor, product, and patient data are now routinely required for clinical, regulatory, operational, and quality needs. That data are often not readily accessible for such secondary use within CIS databases, particularly for applications with significant data availability requirements such as machine learning and artificial intelligence. Data replication provides one avenue by which CIS data can be made more readily available.Study Design and MethodsMembers of the AABB's Information Systems Committee along with institutional information technology colleagues provided a multi‐institutional viewpoint on data replication through the lens of BCTS specific use cases. Case studies of informatics offerings leveraging such technologies were also elicited.ResultsSix distinct use cases describe the potential role of data replication including the creation of data warehouses for frontline laboratory staff. Specific BCTS examples for each use case are presented to highlight the value of data replication, including visualization of critical inventory (O red blood cells, HLA‐compatible platelets) and utilization analytics for patient blood management. Two case studies describe the approach to implement such technologies to (1) optimize staffing via laboratory workload reporting and (2) improve access to blood via antigen‐negative blood product location services.DiscussionData replication and warehousing can empower BCTS analytic offerings not otherwise natively available through one's CIS to improve patient care and laboratory operations.

show abstract

Cybersecurity and Information Assurance for the Clinical Laboratory

Patel

Williams

Hart

et al. 2023

The Journal of Applied Laboratory Medicine

View full text Add to dashboard Cite

Background Network-connected medical devices have rapidly proliferated in the wake of recent global catalysts, leaving clinical laboratories and healthcare organizations vulnerable to malicious actors seeking to ransom sensitive healthcare information. As organizations become increasingly dependent on integrated systems and data-driven patient care operations, a sudden cyberattack and the associated downtime can have a devastating impact on patient care and the institution as a whole. Cybersecurity, information security, and information assurance principles are, therefore, vital for clinical laboratories to fully prepare for what has now become inevitable, future cyberattacks. Content This review aims to provide a basic understanding of cybersecurity, information security, and information assurance principles as they relate to healthcare and the clinical laboratories. Common cybersecurity risks and threats are defined in addition to current proactive and reactive cybersecurity controls. Information assurance strategies are reviewed, including traditional castle-and-moat and zero-trust security models. Finally, ways in which clinical laboratories can prepare for an eventual cyberattack with extended downtime are discussed. Summary The future of healthcare is intimately tied to technology, interoperability, and data to deliver the highest quality of patient care. Understanding cybersecurity and information assurance is just the first preparative step for clinical laboratories as they ensure the protection of patient data and the continuity of their operations.

show abstract

Anatomy of a Cyberattack: Part 2: Managing a Clinical Pathology Laboratory During 25 Days of Downtime

Cited by 3 publications

References 5 publications

Surviving a Cyberattack in Anatomic Pathology: Disaster Response and Creation of an Incident Command System

Surviving a Cyberattack in Anatomic Pathology: Disaster Response and Creation of an Incident Command System

How do we leverage data through replication and warehousing to meet blood collection and transfusion service needs

Cybersecurity and Information Assurance for the Clinical Laboratory

Contact Info

Product

Resources

About