{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T11:17:34Z","timestamp":1780658254139,"version":"3.54.1"},"reference-count":52,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,4,23]],"date-time":"2025-04-23T00:00:00Z","timestamp":1745366400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,4,23]],"date-time":"2025-04-23T00:00:00Z","timestamp":1745366400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100018452","name":"Fraunhofer-Institut f\u00fcr Sichere Informationstechnologie SIT","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100018452","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["BMC Med Inform Decis Mak"],"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>Today\u2019s medical IT is more and more connected and network or IT system outages may impact the quality of patient treatment. IT outages from cyberattacks are particularly worrisome if attackers focus on those medical IT devices that are critical for medical processes. However, medical processes are primarily documented for the hospital employees and not for analyzing the criticality of any given human or medical IT resource. This paper presents a generic model for realistic, patient-focused simulation of medical processes. The model allows the simulation of cyber incidents, focusing on device outages or overload situations like mass casualty incidents. Furthermore, we present a proof-of-concept tool that implements the described model, enabling end-users to simulate their processes. The tool offers the ability to run with low detailed data for overview purposes and highly detailed data for fine-grained simulation results. We perform different scenario simulations for a sample hospital, including the acute phase of a ransomware attack, negative performance impacts due to the implementation of cybersecurity measures, and emergency plans for mass casualty incidents. In each scenario, the respective simulation resulted in a quantitative statement of how these scenarios affect overall process performance and show possible key factors supporting decision-making. We use real-world data from a German trauma room to optimize and evaluate the process simulation.<\/jats:p>","DOI":"10.1186\/s12911-025-02988-8","type":"journal-article","created":{"date-parts":[[2025,4,23]],"date-time":"2025-04-23T08:25:24Z","timestamp":1745396724000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Simulating the overload of medical processes due to system failures during a cyberattack"],"prefix":"10.1186","volume":"25","author":[{"given":"Markus","family":"Willing","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Simon","family":"Ebbers","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Christian","family":"Dresen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Marc","family":"Czolbe","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Christoph","family":"Saatjohann","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sebastian","family":"Schinzel","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,4,23]]},"reference":[{"key":"2988_CR1","unstructured":"Deutsche Krankenhaus Gesellschaft. Branchenspezifischer Sicherheitsstandard \u201cMedizinische Versorgung\u201d. 2022. https:\/\/www.dkgev.de\/themen\/digitalisierung-daten\/informationssicherheit-und-technischer-datenschutz\/informationssicherheit-im-krankenhaus\/"},{"issue":"5","key":"2988_CR2","doi-asserted-by":"publisher","first-page":"971","DOI":"10.1111\/1475-6773.13203","volume":"54","author":"SJ Choi","year":"2019","unstructured":"Choi SJ, Johnson ME, Lehmann CU. Data breach remediation efforts and their implications for hospital quality. Health Serv Res. 2019;54(5):971\u201380. https:\/\/doi.org\/10.1111\/1475-6773.13203.","journal-title":"Health Serv Res."},{"key":"2988_CR3","unstructured":"European Union Agency for Cybersecurity (ENISA). ENISA THREATLANDSCAPE: HEALTH SECTOR. 2023. https:\/\/www.enisa.europa.eu\/publications\/health-threat-landscape. 27 Jul 2023."},{"key":"2988_CR4","unstructured":"SoSafe GmbH. Cybercrime trends 2024. 2024. https:\/\/sosafe-awareness.com\/de\/ressourcen\/reports\/cybercrime-trends\/"},{"key":"2988_CR5","unstructured":"Heise. Cyber-Angriffe: Lahmgelegte IT bei Uni, Presseagentur und Klinikum. 2022. https:\/\/www.heise.de\/\/news\/Cyber-Angriffe-Lahmgelegte-IT-bei-Uni-Presseagentur-und-Klinikum-7359862.html"},{"issue":"4","key":"2988_CR6","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MSP.2013.49","volume":"11","author":"H Alemzadeh","year":"2013","unstructured":"Alemzadeh H, Iyer RK, Kalbarczyk Z, Raman J. Analysis of safety-critical computer failures in medical devices. IEEE Secur Privacy. 2013;11(4):14\u201326.","journal-title":"IEEE Secur Privacy."},{"key":"2988_CR7","unstructured":"Spence N, Paul III DP, Coustasse A. Ransomware in healthcare facilities: the future is now. In: Proceedings for the Academy of Business Research, Fall 2017 Conference. 2017."},{"issue":"3","key":"2988_CR8","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1057\/palgrave.jit.2000122","volume":"23","author":"H Salmela","year":"2008","unstructured":"Salmela H. 2008. Analysing business losses caused by information systems risk: a business process analysis approach. J Inf Technol. 23(3):185\u2013202. https:\/\/doi.org\/10.1057\/palgrave.jit.2000122.","journal-title":"J Inf Technol."},{"issue":"3","key":"2988_CR9","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1177\/026839629601100305","volume":"11","author":"RL Baskerville","year":"1996","unstructured":"Baskerville RL, Wood-Harper AT. A critical perspective on action research as a method for information systems research. J Inf Technol. 1996;11(3):235\u201346. https:\/\/doi.org\/10.1177\/026839629601100305.","journal-title":"J Inf Technol."},{"issue":"1","key":"2988_CR10","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/20476965.2019.1652547","volume":"10","author":"E Aspland","year":"2021","unstructured":"Aspland E, Gartner D, Harper P. Clinical pathway modelling: a literature review. Health Syst. 2021;10(1):1\u201323.","journal-title":"Health Syst."},{"key":"2988_CR11","doi-asserted-by":"crossref","unstructured":"Yang W, Su Q Process mining for clinical pathway: literature review and future directions. In: 2014 11th International Conference on Service Systems and Service Management (ICSSSM). IEEE; 2014. p. 1\u20135.","DOI":"10.1109\/ICSSSM.2014.6943412"},{"issue":"6","key":"2988_CR12","doi-asserted-by":"publisher","first-page":"1825","DOI":"10.1148\/rg.2015150043","volume":"35","author":"SB Rimler","year":"2015","unstructured":"Rimler SB, Gale BD, Reede DL. Diagnosis-related groups and hospital inpatient federal reimbursement. Radiographics. 2015;35(6):1825\u201334.","journal-title":"Radiographics."},{"issue":"12","key":"2988_CR13","doi-asserted-by":"publisher","first-page":"1764","DOI":"10.1007\/s00120-014-3720-0","volume":"53","author":"J Bauer","year":"2014","unstructured":"Bauer J, Kahlmeyer A, Stredele R, Volkmer B. Inpatient therapy of urinary stones in germany: development of the g-drg system. Der Urologe Ausg A. 2014;53(12):1764\u201371.","journal-title":"Der Urologe Ausg A."},{"key":"2988_CR14","doi-asserted-by":"publisher","unstructured":"Sarcevic A, Marsic I, Burd RS. Teamwork errors in trauma resuscitation. ACM Trans Comput -Hum Interact. 2012;19(2). https:\/\/doi.org\/10.1145\/2240156.2240161.","DOI":"10.1145\/2240156.2240161"},{"issue":"5","key":"2988_CR15","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1136\/bmjqs-2011-000188","volume":"21","author":"M Weigl","year":"2012","unstructured":"Weigl M, M\u00fcller A, Vincent C, Angerer P, Sevdalis N. The association of workflow interruptions and hospital doctors\u2019 workload: a prospective observational study. BMJ Qual Saf. 2012;21(5):399\u2013407.","journal-title":"BMJ Qual Saf."},{"key":"2988_CR16","unstructured":"Recker J. Bpmn modeling-who, where, how and why. BPTrends. 2008;1\u20138."},{"key":"2988_CR17","first-page":"9","volume-title":"BPMN Modeling and Reference Guide: understanding and Using BPMN","author":"SA White","year":"2008","unstructured":"White SA, Miers D. BPMN Modeling and Reference Guide: understanding and Using BPMN. 2008. p. 9\u201311."},{"key":"2988_CR18","doi-asserted-by":"crossref","unstructured":"Rol\u00f3n E, Aguilar E, Garcia F, Ruiz F, Piattini M, Calahorra L, et al. Process modeling of the health sector using bpmn: a case study. In: Proc First International Conference on Health Informatics. HEALTHINF 2008. Funchal, Portugal; 2008. p. 173\u201378.","DOI":"10.5220\/0001042201730178"},{"key":"2988_CR19","doi-asserted-by":"crossref","unstructured":"Braun R, Burwitz M, Schlieter H, Benedict M Clinical processes from various angles-amplifying bpmn for integrated hospital management. In: 2015 IEEE International Conference on Bioinformatics and Biomedicine (BIBM). IEEE; 2015. p. 837\u201345.","DOI":"10.1109\/BIBM.2015.7359794"},{"key":"2988_CR20","unstructured":"Di Leva A, Sulis E. Process analysis for a hospital emergency department. Int J Econ Manage Syst. 2017;2."},{"key":"2988_CR21","doi-asserted-by":"publisher","unstructured":"Musman S, Tanner M, Temin A, Elsaesser E, Loren L Computing the impact of cyber attacks on complex missions. In: 2011 IEEE International Systems Conference. 2011. p. 46\u201351. https:\/\/doi.org\/10.1109\/SYSCON.2011.5929055","DOI":"10.1109\/SYSCON.2011.5929055"},{"issue":"6","key":"2988_CR22","doi-asserted-by":"publisher","first-page":"479","DOI":"10.1016\/S0167-4048(99)80115-1","volume":"18","author":"F Cohen","year":"1999","unstructured":"Cohen F. Simulating cyber attacks, defences, and consequences. Comput Secur. 1999;18(6):479\u2013518.","journal-title":"Comput Secur."},{"key":"2988_CR23","unstructured":"Howard JD An analysis of security incidents on the internet 1989-1995. PhD thesis, USA: Carnegie Mellon University. 1998. UMI Order No. GAX98-02539."},{"key":"2988_CR24","volume-title":"Fundamentals of Computer Security Technology","author":"EG Amoroso","year":"1994","unstructured":"Amoroso EG. Fundamentals of Computer Security Technology. 1994."},{"key":"2988_CR25","doi-asserted-by":"publisher","unstructured":"Kuhl ME, Sudit M, Kistner J, Costantini K Cyber attack modeling and simulation for network security analysis. In: 2007 Winter Simulation Conference. 2007. p. 1180\u201388. https:\/\/doi.org\/10.1109\/WSC.2007.4419720","DOI":"10.1109\/WSC.2007.4419720"},{"key":"2988_CR26","volume-title":"Simulation with ARENA","author":"WD Kelton","year":"2002","unstructured":"Kelton WD, Sadowski RP, Sadowski DA. Simulation with ARENA. McGraw-Hill, Inc.; 2002."},{"issue":"4","key":"2988_CR27","doi-asserted-by":"publisher","first-page":"417","DOI":"10.3390\/modelling3040027","volume":"3","author":"JJ Forbus","year":"2022","unstructured":"Forbus JJ, Berleant D. Discrete-event simulation in healthcare settings: a review. Modelling. 2022;3(4):417\u201333. https:\/\/doi.org\/10.3390\/modelling3040027.","journal-title":"Modelling."},{"key":"2988_CR28","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-85729-139-4","volume-title":"Introduction to Discrete Event Simulation and Agent-based Modeling: voting Systems, Health Care, Military, and Manufacturing","author":"TT Allen","year":"2011","unstructured":"Allen TT. Introduction to Discrete Event Simulation and Agent-based Modeling: voting Systems, Health Care, Military, and Manufacturing. Springer; 2011."},{"issue":"2","key":"2988_CR29","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1057\/jos.2011.21","volume":"6","author":"VA Knight","year":"2012","unstructured":"Knight VA, Williams JE, Reynolds I. Modelling patient choice in healthcare systems: development and application of a discrete event simulation with agent-based decision making. J Simul. 2012;6(2):92\u2013102.","journal-title":"J Simul."},{"key":"2988_CR30","unstructured":"Python Software Foundation. The Python language reference. https:\/\/docs.python.org\/3\/reference\/. 20 May 2024."},{"key":"2988_CR31","unstructured":"Django Software Foundation. Django. https:\/\/djangoproject.com. 20 May 2024."},{"key":"2988_CR32","unstructured":"Harband J, Smith K Ecma-262 - ecmascript 2023 language specification. Standard, Ecma International. https:\/\/ecma-international.org\/publications-and-standards\/standards\/ecma-262\/. 20 May 2024."},{"key":"2988_CR33","unstructured":"MariaDB Foundation. MariaDB server: the innovative open source database. https:\/\/mariadb.org. 20 May 2024."},{"key":"2988_CR34","unstructured":"Elasticsearch B.V. Elasticsearch. https:\/\/www.elastic.co\/de\/elasticsearch. 20 May 2024."},{"key":"2988_CR35","unstructured":"Analytica, O.. German Cyberattack-linked Death Sends Wider Warning. Oxford Analytica; 2020."},{"key":"2988_CR36","doi-asserted-by":"publisher","DOI":"10.17433\/978-3-17-026555-4","volume-title":"Notfallversorgung in Deutschland: analyse Des Status Quo Und Empfehlungen F\u00fcr Ein Patientenorientiertes Und Effizientes Notfallmanagement","author":"C Niehues","year":"2012","unstructured":"Niehues C. Notfallversorgung in Deutschland: analyse Des Status Quo Und Empfehlungen F\u00fcr Ein Patientenorientiertes Und Effizientes Notfallmanagement. Kohlhammer Verlag; 2012."},{"issue":"1","key":"2988_CR37","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.healthpol.2018.11.001","volume":"123","author":"N Baier","year":"2019","unstructured":"Baier N, Geissler A, Bech M, Bernstein D, Cowling TE, Jackson T, van Manen J, Rudkj\u00f8bing A, Quentin W. Emergency and urgent care systems in australia, denmark, england, france, germany and the netherlands\u2013analyzing organization, payment and reforms. Health Policy. 2019;123(1):1\u201310.","journal-title":"Health Policy."},{"key":"2988_CR38","unstructured":"Jahn F, Winter A. A kpi framework for process-based benchmarking of hospital information systems. 2011. p. 542\u201346."},{"key":"2988_CR39","unstructured":"AUC - Akademie der Unfallchirurgie GmbH, S. Jahresbericht 2022 - TraumaRegister DGU. 2022. https:\/\/www.traumaregister-dgu.de\/fileadmin\/user_upload\/TR-DGU-Jahresbericht_2022.pdf"},{"key":"2988_CR40","unstructured":"Object Management Group. Business process model and notation. Standard, Object Management Group. 2014. https:\/\/www.omg.org\/spec\/BPMN. 28 Jul 2023."},{"key":"2988_CR41","doi-asserted-by":"publisher","unstructured":"S\u00f8reide K. Three decades (1978\u20132008) of Advanced Trauma Life Support (ATLS) practice revised and evidence revisited. Scand J Trauma Resuscitation Emerg Med. 2009;16. https:\/\/doi.org\/10.1186\/1757-7241-16-19.","DOI":"10.1186\/1757-7241-16-19"},{"key":"2988_CR42","doi-asserted-by":"crossref","unstructured":"Bouillon B, Pieper D, Floh\u00e9 S, Eikermann M, Ober P, Ruchholtz S, St\u00fcrmer K, Waydhas C, Trentzsch H, Lendemans S, Huber-Wagner S, Rixen D, Hildebrand F, Mosch C, Nienaber U, Sauerland S, Schenkel M, Walgenbach M, Becker M, Group, P.. Level 3 guideline on the treatment of patients with severe\/multiple injuries: AWMF register-Nr. 012\/019. Eur J Trauma Emerg Surg. 2018.","DOI":"10.1007\/s00068-018-0922-y"},{"key":"2988_CR43","unstructured":"Department of Health and Social Care (UK). Securing cyber resilience in health and care - progress update October 2018. 2018. https:\/\/www.gov.uk\/government\/publications\/securing-cyber-resilience-in-health-and-care-october-2018-update. 27 Jul 2023."},{"key":"2988_CR44","unstructured":"CBS. Hospital explains decision to pay ransom to hackers. 2016. https:\/\/www.cbsnews.com\/news\/hospital-explains-decision-to-pay-ransom-to-hackers\/. 27 Jul 2023."},{"key":"2988_CR45","unstructured":"Dr. Sean Kitson. Cyber attacks on medical imaging systems. https:\/\/openmedscience.com\/medical-device-cyber-security\/. 27 Jul 2023."},{"issue":"1","key":"2988_CR46","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1148\/rg.311105018","volume":"31","author":"E Thornton","year":"2011","unstructured":"Thornton E, Brook OR, Mendiratta-Lala M, Hallett DT, Kruskal JB. Application of failure mode and effect analysis in a radiology department. Radiographics. 2011;31(1):281\u201393.","journal-title":"Radiographics."},{"issue":"1061","key":"2988_CR47","doi-asserted-by":"publisher","first-page":"20150914","DOI":"10.1259\/bjr.20150914","volume":"89","author":"A Pinto","year":"2016","unstructured":"Pinto A, Reginelli A, Pinto F, Lo Re G, Midiri F, Muzj C, Romano L, Brunese L. Errors in imaging patients in the emergency setting. Br. J. Radiol. 2016;89(1061):20150914.","journal-title":"Br. J. Radiol."},{"key":"2988_CR48","unstructured":"Greer B, Capstone A Cybersecurity for healthcare medical devices. PhD thesis. 2018."},{"key":"2988_CR49","unstructured":"LLC, P.I. The impact of ransomware on patient safety and the value of cybersecurity benchmarking. 2023. https:\/\/www.censinet.com\/impact-of-ransomware-on-patient-safety-and-value-of-cybersecurity-benchmarking. 28 Jul 2023."},{"key":"2988_CR50","unstructured":"Canalys. Cybersecurity investment to grow by 13% in 2023. 2023. https:\/\/www.canalys.com\/newsroom\/cybersecurity-forecast-2023. 27 Jul 2023."},{"issue":"4","key":"2988_CR51","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1109\/MC.2006.127","volume":"39","author":"I Lee","year":"2006","unstructured":"Lee I, Pappas GJ, Cleaveland R, Hatcliff J, Krogh BH, Lee P, Rubin H, Sha L. High-confidence medical device software and systems. Computer. 2006;39(4):33\u201338. https:\/\/doi.org\/10.1109\/MC.2006.127.","journal-title":"Computer."},{"issue":"3","key":"2988_CR52","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1017\/S1049023X00001102","volume":"18","author":"P Halpern","year":"2003","unstructured":"Halpern P, Arnold J, Stok E, Ersoy G. Mass-casualty, terrorist bombings: implications for emergency department and hospital emergency response (part ii). Prehospital Disaster Med. 2003;18(3):235\u201341.","journal-title":"Prehospital Disaster Med."}],"container-title":["BMC Medical Informatics and Decision Making"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s12911-025-02988-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s12911-025-02988-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s12911-025-02988-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,23]],"date-time":"2025-04-23T08:25:38Z","timestamp":1745396738000},"score":1,"resource":{"primary":{"URL":"https:\/\/bmcmedinformdecismak.biomedcentral.com\/articles\/10.1186\/s12911-025-02988-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,23]]},"references-count":52,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["2988"],"URL":"https:\/\/doi.org\/10.1186\/s12911-025-02988-8","relation":{},"ISSN":["1472-6947"],"issn-type":[{"value":"1472-6947","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,23]]},"assertion":[{"value":"8 August 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 March 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 April 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"All methods were carried out in accordance with relevant guidelines and regulations. For this study, only anonymized and untraceable data from the trauma registry of the UKM was used. This usage was granted by the executive department of quality management of the UKM. The original collection of the raw data was done by the UKM with the patients\u2019 informed consent.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval and consent to participate"}},{"value":"The study does not contain any personal data.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}},{"value":"The authors declare no competing interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"174"}}