J Appl Clin Med Phys. 2020 Jul;21(7):181-186.
doi: 10.1002/acm2.12886. Epub 2020 Apr 24.

A practical cyberattack contingency plan for radiation oncology

Baoshe Zhang et al. J Appl Clin Med Phys. 2020 Jul.

Abstract

Purpose: This article presents a solution for continuing radiation therapy without interruption in the event of a cyberattack on the radiation oncology information systems (ROIS). This process could be easily deployed to any radiation oncology practice, with little clinical overhead or burden.

Methods and materials: The solution automatically retrieves all essential information from the clinical ROIS for each under-treatment patient and periodically (e.g., daily) saves these data to a dedicated secure server for recovery. In the event that the clinical ROIS is not functioning as a result of a cyberattack, this essential information is used to build a new secondary ROIS server to continue radiotherapy treatments until the main ROIS is recovered. Once the cyberattack threat is cleared, the clinical ROIS server is rebuilt from the institution's enterprise backup. The newly accumulated treatment information for each patient is then exported from the secondary ROIS to bring the clinical ROIS up to date.

Results: The Department of Radiation Oncology at the University of Maryland Medical System implemented this solution for clinical use with the Varian ARIA ROIS in the management of ~250 daily radiotherapy treatments, inclusive of a proton center. This solution was determined to be a feasible and affordable business continuity plan for the radiation oncology practice by minimizing radiation treatment downtime to a couple of hours in a simulated cyberattack drill.

Conclusions: The proposed solution can achieve continuation of radiation therapy treatment without treatment breaks in the event of a cyberattack. It also provides cushion time for radiation oncology departments to rebuild their clinical ROIS systems from the enterprise data backup.

Keywords: business continuity plan; contingency plan for radiation oncology; patient data security; radiation oncology information system.

Conflict of interest statement

No Conflict of Interest.

Figures

Fig. 1. How the under-treatment patient list is obtained.
Fig. 2. Automatic DICOM file retrieval.
Fig. 3. Document retrieval.
Fig. 4. Verification Procedure for DICOM files and EMR documents.
