Background/Case Studies: Nearly 1,900 corporate cyber-attacks occurred in the US in 2021, and healthcare facilities are not exempt, with over 40 million patient records compromised in 2021 . A large blood center operates compatibility testing labs (CTLs) inside 2 hospitals in a medium size city. Facility A is a non-profit, Level II Trauma Center with over 700 beds beds, Facility B is a for-profit hospital with over 250 beds. Blood center’s Medical Laboratory Scientists (MLS) routinely rotate between the facilities. Facility A was the victim of a cyber-attack, resulting in the facility immediately shutting down all computer activities. The CTL has an independent network with no interface between the hospitals LIS and the CTL LIS thus CTL computer processes were not affected.
Study
Design/Methods: Facility A converted to downtime procedures, cancelled or diverted all non-critical procedures/ambulances to Facility B, and was closed to non-critical patients for 13 days. Critically ill and trauma patients continued to be admitted. CTL staff adjusted to handwritten paper orders and patient specimen labels. Patient identifiers were converted from medical record numbers to date of birth and finance numbers. The cyber-attack also required the CTL to make critical adjustments in staffing and inventories in response to changes in both hospitals’ needs.
Results/Findings: The cyber-attack affected workload at both facilities, as patients were diverted from one facility to the other. During the 13 days Facility A limited admissions, CTL workload decreased by 24%, while CTL workload at Facility B increased by 8%. The CTL manager immediately assessed staff schedules and component/supply/reagent inventories at both facilities. MLSs from Facility A were rotated to Facility B, while component/supply/reagent inventories were reallocated from Facility A to Facility B. In the two weeks following Facility A’s return to normal activities, the CTL continued to see a change in workload at the 2 facilities compared to pre-event numbers. Facility A’s workload continued to be decreased by 7%, while Facility B’s increased by 1%. Refer to Figure A Workload Comparisons. Workload, inventory, supplies and staffing continued to be monitored daily, with adjustments made as needed. Conclusions: Cyber-attacks affect all aspects of the operations of health care institutions and their contracted companies, making it essential for facilities to be prepared to continue to provide patient care despite the limitations imposed by loss of computer access. Downtime processes for every hospital function must be readily available, and alternate methods of communication (no email) with staff and vendors established. In the CTL, vigilant oversight of blood components, supplies and personnel is critical to the continued provision of effective patient care and inventory management.
Importance of research: The lessons learned during this event may provide valuable insights for other facilities who may experience a similar issue in the future.
