Health Service Executive, National Quality and Patient Safety Directorate, Dublin, Ireland.
UCD IRIS Centre, School of Nursing, Midwifery and Health Systems, University College Dublin, Dublin, Ireland.
BMC Health Serv Res. 2023 Oct 17;23(1):1112. doi: 10.1186/s12913-023-10076-8.
In May 2021, the Irish public health service was the target of a cyber-attack. The response by the health service resulted in the widespread removal of access to ICT systems. While services including radiology, diagnostics, maternity, and oncology were prioritised for reinstatement, recovery efforts continued for over four months. This study describes the response of health service staff to the loss of ICT systems, and the risk mitigation measures introduced to safely continue health services. The resilience displayed by frontline staff whose rapid and innovative response ensured continuity of safe patient care is explored.
To gain an in-depth understanding of staff experiences of the cyber-attack, eight focus groups (n = 36) were conducted. Participants from a diverse range of health services were recruited, including staff from radiology, pathology/laboratories, radiotherapy, maternity, primary care dental services, health and wellbeing, COVID testing, older person's care, and disability services. Thematic Analysis was applied to the data to identify key themes.
The impact of the cyber-attack varied across services depending on the type of care being offered, the reliance on IT systems, and the extent of local IT support. Staff stepped-up to the challenges and quickly developed and implemented innovative solutions, exhibiting great resilience, teamwork and adaptability, with a sharp focus on ensuring patient safety. The cyber-attack resulted in a flattening of the healthcare hierarchy, with shared decision-making at local levels leading to an empowered frontline workforce. However, participants in this study felt the stress placed on staff by the attack was more severe than the cumulative effect of the COVID-19 pandemic.
Limited contingencies within the health system IT infrastructure - what we call a lack of system resilience - was compensated for by a resilient workforce. Within the context of the prevailing COVID-19 pandemic, this was an enormous burden on a dedicated workforce. The adverse impact of this attack may have long-term and far-reaching consequences for staff wellbeing. Design and investment in a resilient health system must be prioritised.
2021 年 5 月,爱尔兰公共卫生服务成为网络攻击的目标。卫生服务部门的应对措施导致广泛取消了对信息和通信技术系统的访问。虽然包括放射科、诊断、妇产科和肿瘤学在内的服务被优先考虑恢复,但恢复工作仍持续了四个多月。本研究描述了卫生服务人员对信息和通信技术系统丧失的反应,以及为安全继续提供卫生服务而引入的风险缓解措施。本文探讨了一线工作人员的应变能力,他们的快速和创新反应确保了安全的患者护理的连续性。
为了深入了解工作人员对网络攻击的体验,进行了八次焦点小组(n=36)。参与者来自各种不同的卫生服务,包括放射科、病理学/实验室、放射治疗、妇产科、初级保健牙科服务、健康和福利、COVID 检测、老年人护理和残疾服务。应用主题分析对数据进行分析,以确定关键主题。
网络攻击的影响因服务而异,取决于提供的护理类型、对 IT 系统的依赖程度以及当地 IT 支持的程度。工作人员迎接挑战,迅速开发并实施了创新解决方案,表现出很强的适应能力、团队合作精神和应变能力,高度关注患者安全。网络攻击导致医疗保健层次扁平化,在当地层面上进行共同决策,使一线员工更有权力。然而,本研究的参与者认为,这次攻击给员工带来的压力比 COVID-19 大流行的累积影响更严重。
卫生系统信息和通信技术基础设施中的应急计划有限——我们称之为系统弹性不足——被一支有适应能力的员工队伍所弥补。在当前 COVID-19 大流行的背景下,这给敬业的员工带来了巨大的负担。这次攻击的不利影响可能对员工的健康福祉产生长期和深远的影响。必须优先考虑设计和投资有弹性的卫生系统。
