{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,14]],"date-time":"2026-05-14T11:05:58Z","timestamp":1778756758762,"version":"3.51.4"},"reference-count":23,"publisher":"Frontiers Media SA","license":[{"start":{"date-parts":[[2024,2,16]],"date-time":"2024-02-16T00:00:00Z","timestamp":1708041600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["frontiersin.org"],"crossmark-restriction":true},"short-container-title":["Front. Digit. Health"],"abstract":"<jats:sec><jats:title>Importance<\/jats:title><jats:p>Healthcare organizations operate in a data-rich environment and depend on digital computerized systems; thus, they may be exposed to cyber threats. Indeed, one of the most vulnerable sectors to hacks and malware is healthcare. However, the impact of cyberattacks on healthcare organizations remains under-investigated.<\/jats:p><\/jats:sec><jats:sec><jats:title>Objective<\/jats:title><jats:p>This study aims to describe a major attack on an entire medical center that resulted in a complete shutdown of all computer systems and to identify the critical actions required to resume regular operations.<\/jats:p><\/jats:sec><jats:sec><jats:title>Setting<\/jats:title><jats:p>This study was conducted on a public, general, and acute care referral university teaching hospital.<\/jats:p><\/jats:sec><jats:sec><jats:title>Methods<\/jats:title><jats:p>We report the different recovery measures on various hospital clinical activities and their impact on clinical work.<\/jats:p><\/jats:sec><jats:sec><jats:title>Results<\/jats:title><jats:p>The system malfunction of hospital computers did not reduce the number of heart catheterizations, births, or outpatient clinic visits. However, a sharp drop in surgical activities, emergency room visits, and total hospital occupancy was observed immediately and during the first postattack week. A gradual increase in all clinical activities was detected starting in the second week after the attack, with a significant increase of 30% associated with the restoration of the electronic medical records (EMR) and laboratory module and a 50% increase associated with the return of the imaging module archiving. One limitation of the present study is that, due to its retrospective design, there were no data regarding the number of elective internal care hospitalizations that were considered crucial.<\/jats:p><\/jats:sec><jats:sec><jats:title>Conclusions and relevance<\/jats:title><jats:p>The risk of ransomware cyberattacks is growing. Healthcare systems at all levels of the hospital should be aware of this threat and implement protocols should this catastrophic event occur. Careful evaluation of steady computer system recovery weekly enables vital hospital function, even under a major cyberattack. The restoration of EMR, laboratory systems, and imaging archiving modules was found to be the most significant factor that allowed the return to normal clinical hospital work.<\/jats:p><\/jats:sec>","DOI":"10.3389\/fdgth.2024.1321485","type":"journal-article","created":{"date-parts":[[2024,2,16]],"date-time":"2024-02-16T05:00:38Z","timestamp":1708059638000},"update-policy":"https:\/\/doi.org\/10.3389\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["When all computers shut down: the clinical impact of a major cyber-attack on a general hospital"],"prefix":"10.3389","volume":"6","author":[{"given":"Benyamine","family":"Abbou","sequence":"first","affiliation":[]},{"given":"Boris","family":"Kessel","sequence":"additional","affiliation":[]},{"given":"Merav","family":"Ben Natan","sequence":"additional","affiliation":[]},{"given":"Rinat","family":"Gabbay-Benziv","sequence":"additional","affiliation":[]},{"given":"Dikla","family":"Dahan Shriki","sequence":"additional","affiliation":[]},{"given":"Anna","family":"Ophir","sequence":"additional","affiliation":[]},{"given":"Nimrod","family":"Goldschmid","sequence":"additional","affiliation":[]},{"given":"Adi","family":"Klein","sequence":"additional","affiliation":[]},{"given":"Ariel","family":"Roguin","sequence":"additional","affiliation":[]},{"given":"Mickey","family":"Dudkiewicz","sequence":"additional","affiliation":[]}],"member":"1965","published-online":{"date-parts":[[2024,2,16]]},"reference":[{"key":"B1","doi-asserted-by":"publisher","first-page":"103952","DOI":"10.1016\/j.ijmedinf.2019.103952","article-title":"Diffusion dynamics of electronic health records: a longitudinal observational study comparing data from hospitals in Germany and the United States","volume":"131","author":"Esdar","year":"2019","journal-title":"Int J Med Inf"},{"key":"B2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3233\/THC-151102","article-title":"Cyber threats to health information systems: a systematic review","volume":"24","author":"Luna","year":"2016","journal-title":"Technol Health Care"},{"key":"B3","doi-asserted-by":"publisher","first-page":"246","DOI":"10.1186\/s12911-020-01259-y","article-title":"Analyzing medical device connectivity and its effect on cyber security in German hospitals","volume":"20","author":"Willing","year":"2020","journal-title":"BMC Med Inform Decis Mak"},{"key":"B4","doi-asserted-by":"publisher","first-page":"170","DOI":"10.1016\/j.prro.2021.09.011","article-title":"How to respond to a ransomware attack? One radiation oncology department\u2019s response to a cyber-attack on their record and verify system","volume":"12","author":"Harrison","year":"2022","journal-title":"Pract Radiat Oncol"},{"key":"B5","doi-asserted-by":"publisher","first-page":"2566","DOI":"10.1111\/ans.17177","article-title":"Maintaining the maxillofacial service under cyber-attack: the Waikato experience","volume":"91","author":"Yap","year":"2021","journal-title":"ANZ J Surg"},{"key":"B6","doi-asserted-by":"crossref","DOI":"10.1002\/0471445428","volume-title":"Statistical Methods for Rates and Proportions","author":"Fleiss","year":"2003"},{"key":"B7","doi-asserted-by":"publisher","first-page":"172","DOI":"10.1016\/j.gloplacha.2012.10.014","article-title":"Analysis of changes in meteorological variables using Mann\u2013Kendall and Sen\u2019s slope estimator statistical tests in Serbia","volume":"100","author":"Gocic","year":"2013","journal-title":"Glob Planet Change"},{"key":"B8","volume-title":"Nonparametric Statistics for the Behavioral Sciences","author":"Siegel","year":"1988"},{"key":"B9","doi-asserted-by":"publisher","first-page":"5119","DOI":"10.3390\/s21155119","article-title":"Influence of human factors on cyber security within healthcare organisations: a systematic review","volume":"21","author":"Nifakos","year":"2021","journal-title":"Sensors (Basel)"},{"key":"B10","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1089\/tmj.2012.0022","article-title":"Cyberterrorism: is the U.S. healthcare system safe?","volume":"19","author":"Harries","year":"2013","journal-title":"Telemed J E Health"},{"key":"B11","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1186\/s12911-020-01161-7","article-title":"Cybersecurity of hospitals: discussing the challenges and working towards mitigating the risks","volume":"20","author":"Argaw","year":"2020","journal-title":"BMC Med Inform Decis Mak"},{"key":"B12","doi-asserted-by":"publisher","first-page":"524","DOI":"10.1177\/1357633X19873233","article-title":"Whatsapp guidelines\u2014what guidelines? A literature review","volume":"25","author":"Mars","year":"2019","journal-title":"J Telemed Telecare"},{"key":"B13","doi-asserted-by":"publisher","first-page":"334","DOI":"10.1016\/j.surge.2021.09.007","article-title":"Under viral attack: an orthopaedic response to challenges faced by regional referral centres during a national cyber-attack","volume":"20","author":"Feeley","year":"2022","journal-title":"Surgeon"},{"key":"B14","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1038\/s41746-019-0161-6","article-title":"A retrospective impact analysis of the WannaCry cyberattack on the NHS","volume":"2","author":"Ghafur","year":"2019","journal-title":"NPJ Digit Med"},{"key":"B15","doi-asserted-by":"publisher","first-page":"j3179","DOI":"10.1136\/bmj.j3179","article-title":"Cybersecurity and healthcare: how safe are we?","volume":"6","author":"Martin","year":"2017","journal-title":"Br Med J"},{"key":"B16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3233\/THC-161263","article-title":"Cybersecurity in healthcare: a systematic review of modern threats and trends","volume":"25","author":"Kruse","year":"2017","journal-title":"Technol Health Care"},{"key":"B17","doi-asserted-by":"publisher","first-page":"20552076221104665","DOI":"10.1177\/20552076221104665","article-title":"Cyber-attacks are a permanent and substantial threat to health systems: education must reflect that","volume":"8","author":"Niki","year":"2022","journal-title":"Digit Health"},{"key":"B18","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1016\/j.maturitas.2018.04.008","article-title":"Cybersecurity in healthcare: a narrative review of trends, threats and ways forward","volume":"113","author":"Coventry","year":"2018","journal-title":"Maturitas"},{"key":"B19","doi-asserted-by":"publisher","first-page":"1254","DOI":"10.1016\/S0140-6736(21)00722-4","article-title":"AI-facilitated health care requires education of clinicians","volume":"397","author":"Keane","year":"2021","journal-title":"Lancet"},{"key":"B20","doi-asserted-by":"publisher","first-page":"881","DOI":"10.1056\/NEJMp030010","article-title":"Computer crash\u2014lessons from a system failure","volume":"348","author":"Kilbridge","year":"2003","journal-title":"N Engl J Med"},{"key":"B21","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1055\/s-0039-1692678","article-title":"Continuing patient care during electronic health record downtime","volume":"10","author":"Larsen","year":"2019","journal-title":"Appl Clin Inform"},{"key":"B22","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1097\/PTS.0000000000000580","article-title":"Identification of design criteria to improve patient care in electronic health record downtime","volume":"17","author":"Larsen","year":"2021","journal-title":"J Patient Saf"},{"key":"B23","doi-asserted-by":"publisher","first-page":"624","DOI":"10.4338\/ACI-2016-04-SOA-0064","article-title":"A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks","volume":"7","author":"Sittig","year":"2016","journal-title":"Appl Clin Inform"}],"container-title":["Frontiers in Digital Health"],"original-title":[],"link":[{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/fdgth.2024.1321485\/full","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,16]],"date-time":"2024-02-16T05:00:43Z","timestamp":1708059643000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/fdgth.2024.1321485\/full"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,2,16]]},"references-count":23,"alternative-id":["10.3389\/fdgth.2024.1321485"],"URL":"https:\/\/doi.org\/10.3389\/fdgth.2024.1321485","relation":{},"ISSN":["2673-253X"],"issn-type":[{"value":"2673-253X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,2,16]]},"article-number":"1321485"}}