SIIM 2022: 7 ways to be ever-prepared for cyberattack

What role do imaging informaticists play in the planning and recovery phases of cyberattacks? A growing one, according to a virtual session presented at the Society for Imaging Informatics in Medicine’s annual conference. 

Explaining that both cyberattack planning and mitigation measures are very much a collaborative effort between informaticists, IT professionals, vendors, technologists, radiologists and several other departments, Sylvia Devlin, RT(R), MS, Director of Clinical Applications Operations for Radiology Partners and Po Hao Chen, MD, Chief Imaging Informatics Officer for Cleveland Clinic Foundation, both shared their firsthand experiences with continuing operations following a ransomware attack. 

Devlin, a long-time technologist herself, described the immediate aftermath following cyberattacks as “complete gridlock in imaging,” but explained that while some decisions after an attack are inevitably reactive her experience with such helped her to learn how to plan for unplanned downtime in the future. 

Here is some of the advice Devlin and Chen have for facilities/departments that might be preparing their own protocols for outages: 

  1. Listen to/follow the technologists. Learn about their workflows, needs and how they currently adapt when part of the imaging process is interrupted (like when PACS or the EMR is down) to find areas that can be addressed ahead of time. For this, Chen recommends having standardized, organization-wide patient identifiers and pre-printed templates for imaging requisitions and dictations, which should include all the information that would normally be available via PACS or EMR. 

  1. Plan to relax administrative privileges where necessary so that a wider network of designated staff members have access to the patient information they require in a timelier manner. 

  1. Keep hard copies of downtime plans. And not just one copy, the presenters explained. Keep multiple copies, both on and off site, and keep them updated frequently. 

  1. Consider segmented networks. This piece of advice came from the Q&A portion of the presentation. Devlin explained that segmented networks (separate networks for radiology, pharmacy, admin, etc.) could help to temper attacks by limiting their reach. 

  1. Transition to temporary analog and digital workflows. This could come in the form of using CDs to share imaging across departments, DVDs, paper and temporary PACS servers. 

  1. Plan to temporarily save studies on modalities while waiting for the availability of PACS servers. 

  1. Don’t forget the basics. Chen explains that while data recovery and resuming clinical operations are the most pertinent tasks, many often forget about the basics required to do so, such as having plenty of printer ink and paper, offline copies of templates and protocols, and the availability of faxes and/or runners. 

After an attack, organizations could be forced to adapt for days, weeks or even months if they are required to start from the bottom with entirely new servers and networks. This is why it is important to have mitigation measures in place—and to practice and update those measures—in anticipation of the unforeseen. 

For more on SIIM 2022, click here.

Hannah murhphy headshot

In addition to her background in journalism, Hannah also has patient-facing experience in clinical settings, having spent more than 12 years working as a registered rad tech. She joined Innovate Healthcare in 2021 and has since put her unique expertise to use in her editorial role with Health Imaging.

Around the web

The nuclear imaging isotope shortage of molybdenum-99 may be over now that the sidelined reactor is restarting. ASNC's president says PET and new SPECT technologies helped cardiac imaging labs better weather the storm.

CMS has more than doubled the CCTA payment rate from $175 to $357.13. The move, expected to have a significant impact on the utilization of cardiac CT, received immediate praise from imaging specialists.

The newly cleared offering, AutoChamber, was designed with opportunistic screening in mind. It can evaluate many different kinds of CT images, including those originally gathered to screen patients for lung cancer. 

Trimed Popup
Trimed Popup