Oops, you're using an old version of your browser so some of the features on this page may not be displaying properly.

MINIMAL Requirements: Google Chrome 24+Mozilla Firefox 20+Internet Explorer 11Opera 15–18Apple Safari 7SeaMonkey 2.15-2.23

Become a member
  1. OncologyPRO
  2. Meeting Resources
  3. ESMO Congress 2023

Poster session 23

1730P - Dealing with digital paralysis: Surviving a cyberattack in a cancer centre

Date

21 Oct 2023

Session

Poster session 23

Topics

Cancer Intelligence (eHealth, Telehealth Technology, BIG Data);  Multi-Disciplinary and Multi-Professional Cancer Care;  Cancer Prevention

Tumour Site

Presenters

Rachel J. Keogh

Citation

Annals of Oncology (2023) 34 (suppl_2): S925-S953. 10.1016/S0923-7534(23)01945-2

Authors

R.J. Keogh1, H.M. Harvey2, C. Brady3, E. Hassett4, S.J. Costelloe5, M. J O’Sullivan6, M. Twomey7, M.J. O'Leary8, M.R. Cahill9, A. O'Riordan10, C.M. Joyce11, A. Flavin12, R. Bambury13, D. Murray14, K. bennett15, M. Mullooly16, S. O'Reilly17

Author affiliations

  • 1 Medical Oncology Department, Cork University Hospital, T12 - DCA/IE
  • 2 Oncology Department, St James's Hospital, D08 NHY1 - Dublin/IE
  • 3 Medical Oncology Dept., CUH - Cork University Hospital, T12 DFK4 - Cork/IE
  • 4 Cancer Trials Cork, CUH - Cork University Hospital, T12 DFK4 - Cork/IE
  • 5 Department Of Clinical Biochemistry, CUH - Cork University Hospital, T12 DFK4 - Cork/IE
  • 6 Department Of Surgery, CUH - Cork University Hospital, T12 DFK4 - Cork/IE
  • 7 Radiology, CUH - Cork University Hospital, T12 DFK4 - Cork/IE
  • 8 Palliative Care, Marymount University Hospital & Hospice, T12 A710 - Cork/IE
  • 9 Haematology, CUH - Cork University Hospital, T12 DFK4 - Cork/IE
  • 10 Unscheduled Care Directorate, CUH - Cork University Hospital, T12 DFK4 - Cork/IE
  • 11 Biochemistry, CUH - Cork University Hospital, T12 DFK4 - Cork/IE
  • 12 Department Of Radiotherapy, Bons Secours Hospital Cork, Cork/IE
  • 13 Medical Oncology Department, CUH - Cork University Hospital, T12 DFK4 - Cork/IE
  • 14 Natioanl Cancer Registry Ireland, National Cancer Registry Ireland, T12CDF7 - Cork/IE
  • 15 Division Of Population Health Sciences, RCSI - Royal College of Surgeons in Ireland, D02 YN77 - Dublin/IE
  • 16 School Of Public Health, RCSI - Royal College of Surgeons in Ireland, D02 YN77 - Dublin/IE
  • 17 Oncology Dept., CUH - Cork University Hospital, T12 DFK4 - Cork/IE

Resources

Login to get immediate access to this content.

If you do not have an ESMO account, please create one for free.

Login

Abstract 1730P

Background

A constellation of a large attack surface of interconnected devices and cyberimmaturity renders healthcare ripe to cybercrime. These vulnerabilities and their consequences will be magnified by the exponential growth in artificial intelligence. We assess the impact and implications of a cyberattack on a national cancer centre.

Methods

On 14 May 2021 (day 0), the first national healthcare ransomware attack occurred within which all hospitals including Cork University Hospital (CUH) Cancer Centre was implicated. Contingency plans were only present in laboratory services who had previously experience information technology (IT) failures. Departmental handwritten logs of activity and responses for 700 days after the attack were reviewed.

Results

Following the attack, all IT systems were shut down. No hospital cyberattack emergency plan was in place. Within CUH, on day 0, all radiotherapy (RT) treatment stopped, outpatient activity fell by 50%, and elective surgery stopped. Haematology, biochemistry and radiology capacity fell by 90% (daily sample deficit (DSD) 2700 samples), 75% (DSD 2,250 samples), and 90% (100% mammography/PETscan) respectively. Histopathology reporting times doubled (7 to 15 days). or paused IT links. Outsourcing of radiology and radiotherapy (RT) commenced, alternative communication networks (e.g., proton mail; Siilo) were utilised and national conference calls for RT and clinical trials were established. 136 patients had interrupted RT: median gap day 6 days category 1, 10 days for remaining patients. By day 28, e-mail communication was restored. By day 210, reporting and data storage backlogs were cleared and over 2000 computers were checked/replaced by the Irish Army. Notification of patients and staff whose data was compromised is ongoing (day 720).

Conclusions

Cyberattacks have rapid, profound and protracted impacts. While laboratory and diagnostic deficits were readily quantified, the impact of disrupted/delayed care on patient outcomes is less readily quantifiable but likely to be much greater. As criminals and nation states weaponize the internet, cyberawareness and cyberattack plans need to be embedded in healthcare.

Clinical trial identification

Editorial acknowledgement

Legal entity responsible for the study

The authors.

Funding

Has not received any funding.

Disclosure

R.J. Keogh: Financial Interests, Other, Travel, Accommodations, Expenses: MSD. All other authors have declared no conflicts of interest.

Resources from the same session

This site uses cookies. Some of these cookies are essential, while others help us improve your experience by providing insights into how the site is being used.

For more detailed information on the cookies we use, please check our Privacy Policy.

Customise settings

  • Necessary cookies enable core functionality. The website cannot function properly without these cookies, and you can only disable them by changing your browser preferences.