Cyber-shock and “digital withdrawal”: Organizational lLeadership and Crisis Management During a Hospital-wide Computer Shutdown Following a Ransomware Attack

Abstract

Introduction:In October 2021, Hillel Yaffe, MC, suffered a ransomware attack which shutdown most hospital computer systems, including patient EMR, pharmacy, communications, administration and backup systems. Staff were left in a state of “cyber-shock” without access to essential information for maintaining safety, quality and continuity of care. The aim of this presentation is to share the hospitals' experience and insights of this cyber-attack, outlining preparedness and response strategies.Method:This attack required a multifaceted emergency response strategy, including: Immediate response activated according to specific pre-prepared emergency scenario action listsLeadership decision making in real time under conditions of uncertaintyIdentifying the extent of systems affectedEstablishing alternative communication across the organizationDistributing real-time status updates and proactive guidelines, based on pre-existing emergency preparedness protocolsFinding alternative access to patient health historiesAdaptation and distribution of alternative hardcopy versions of patient evaluation and documentation normally done by EMRDistribution of instruction materials for staff via alternative communication, ensuring quick and correct adoption of alternative protocolsSpecial emphasis on patient safety, risk management, quality and continuity of careRecognition, support and resilience-building for staff facing uncertainty and unprecedented conditionsResults:Required preparations include pre-prepared standing orders and procedures, exercises and simulations. Advanced preparation of alternative documentation and care protocols will enable uninterrupted, safe, high-quality patient care. Familiarity with pen-and-paper documentation may minimize shock and disorientation from “digital withdrawal”, especially among younger workers lacking manual documentation experience. Staff members should also be instructed in maintaining “digital hygiene”, such as using strong passwords and awareness about cyber-security threats.Conclusion:Hospitals must prepare for potential cyber-attacks and EMR/digital system shutdowns. Cyber-attack should be treated by organizations as an emergency event, and they should prepare incident response and contingency plans, to assure business continuity and quick disaster recovery.