Evolving Threats in Cybersecurity and Radiation Oncology
- Cyberattacks on health care facilities are increasing and significantly affecting health care delivery throughout the world. The recent cyberattack on our hospital-based radiation facility exposed vulnerabilities of radiation oncology systems and highlighted the dependence of radiation treatment on integrated and complex radiation planning, delivery and verification systems. After the cyberattack on our health care facility, radiation oncology staff reconstructed patient information, schedules, and radiation plans from existing paper records and physicians developed a system to triage patients requiring immediate transfer of radiation treatment to nearby facilities.
- Cyberattacks are increasing year after year and many organizations, including hospitals, are becoming targets. Radiation oncology is especially vulnerable because of the reliance on computer and network capabilities to transfer relevant patient information for safe and effective patient treatment. In early 2019, our institution was hit by a ransomware attack that brought down our oncology information system (OIS). Although we were not fully prepared for such an attack, a total of 69 treatment fractions occurred without our OIS thanks to the quick development of a contingency plan and the ability to restore the patients’ records.
- Modern image guided radiation therapy is dependent on information technology and data storage applications that, like any other digital technology, are at risk from cyberattacks. Owing to a recent escalation in cyberattacks affecting radiation therapy treatments, the American Society for Radiation Oncology's Advances in Radiation Oncology is inaugurating a new special manuscript category devoted to cybersecurity issues.
- As a result of a cyberattack on the University of Vermont Health Network, access to all servers and clinical systems was immediately halted by our information technology infrastructure team on October 28, 2020. This resulted in all hospital electronic medical records and laboratory, pharmacy, pathology, radiology, and messaging systems becoming inaccessible. Only access to basic information, including demographic information; medical, surgical, family, and social history; most recent labs; medications; and last clinic note, was available.