Marsh-Armstrong Brennan, Pacheco Fernanda, Dameff Christian, Tully Jeffrey
University of California San Diego School of Medicine.
University of California San Diego Medical Center.
Res Sq. 2024 Apr 5:rs.3.rs-3959502. doi: 10.21203/rs.3.rs-3959502/v1.
Cybersecurity incidents affecting hospitals have grown in prevalence and consequence over the last two decades, increasing the importance of cybersecurity preparedness and response training to minimize clinical disruptions. This work describes the development, execution, and post-exercise assessment of a novel simulation scenario consisting of four interlocking intensive care unit (ICU) patient scenarios. This simulation was designed to demonstrate the management of acute pathologies without access to conventional treatment methods during a cybersecurity incident in order to raise clinician awareness of the increasing incidence and patient safety implications of such events.
The simulation was developed by a multidisciplinary team of physicians, simulation experts, and medical education experts at UCSD School of Medicine. The simulation involves the treatment of four patients, respectively experiencing postoperative hemorrhage, end stage renal disease, diabetic ketoacidosis, and hypoxic respiratory failure, all without access to networked medical resources. The simulation was first executed as part of the proceedings of CyberMed Summit, a healthcare cybersecurity conference in La Jolla, California, on November 19th, 2022. Following the simulation, a debrief session was held with the learner in front of conference attendees, with additional questioning and discussion prompted by attendee input.
Though limited to a single subject by the pilot-study nature of this research, the physician learner successfully identified the acute etiologies and managed the patients' acute decompensations while lacking access to the hospital's electronic medical records (EMRs), laboratory results, imaging, and communication systems. Review of footage of the event and post-experience interviews yielded numerous insights on the specific physician-focused challenges and possible solutions to a hospital-infrastructure-crippling cyber attack.
Healthcare cybersecurity incidents are known to result in significant disruption of clinical activities and can be viewed through a patient-safety oriented perspective. Simulation training may be a particularly effective method for raising clinician awareness of and preparedness for these events, though further research is required.
在过去二十年中,影响医院的网络安全事件在发生率和后果方面都有所增加,这凸显了网络安全防范和应急培训对于减少临床干扰的重要性。这项工作描述了一种新颖模拟场景的开发、执行和演练后评估,该场景由四个相互关联的重症监护病房(ICU)患者场景组成。此模拟旨在展示在网络安全事件期间,在无法使用传统治疗方法的情况下对急性病症的管理,以提高临床医生对这类事件发生率上升及其对患者安全影响的认识。
该模拟由加州大学圣地亚哥分校医学院的医生、模拟专家和医学教育专家组成的多学科团队开发。模拟涉及对四名患者的治疗,他们分别经历术后出血、终末期肾病、糖尿病酮症酸中毒和低氧性呼吸衰竭,且均无法使用联网医疗资源。该模拟于2022年11月19日在加利福尼亚州拉霍亚举行的医疗网络安全会议“CyberMed峰会”的议程中首次执行。模拟结束后,在会议参与者面前与学习者进行了一次总结会议,并根据参与者的意见进行了额外的提问和讨论。
尽管由于本研究的试点性质,样本仅为一名受试者,但这位医生学习者在无法访问医院电子病历(EMR)、实验室结果、影像和通信系统的情况下,成功识别了急性病因并处理了患者的急性失代偿情况。对事件录像和经验后访谈的回顾,产生了许多关于以医生为重点的特定挑战以及应对使医院基础设施瘫痪的网络攻击的可能解决方案的见解。
已知医疗网络安全事件会导致临床活动的重大干扰,并且可以从以患者安全为导向的角度来看待。模拟培训可能是提高临床医生对这些事件的认识和准备程度的一种特别有效的方法,不过还需要进一步研究。
