Vienna, Austria

ESTRO 2023

Session Item

Health economics / health services research
5530
Poster (Digital)
Interdisciplinary
Days and Gray: The cost of cyber-crime in Radiation Oncology
Ronan Joyce, Ireland
PO-1089

Abstract

Days and Gray: The cost of cyber-crime in Radiation Oncology
Authors:

Ronan Joyce1, Ciara Lyons1, Kathy Rock1, Faisal Jamaluddin1, Aileen Flavin1, Mary Hickey2, Erica Bennett2, Paul Kelly2, Carol McGibney1

1Cork University Hospital, Radiation Oncology, Cork, Ireland; 2UPMC Bons Secours, Radiation Oncology, Cork, Ireland

Show Affiliations
Purpose or Objective

In May 2021 the Irish Health Service Executive’s IT services was victim of an organised ransomware attack. National hospital IT systems were shut down while the damage was assessed and repaired. In Cork University Hospital (CUH) radiotherapy department, 101 patients had their treatment disrupted with no immediately foreseeable date for recommencement of services. This study assesses the logistical and radiobiological impact of this gap in radiotherapy for a large group of patients and the efficacy of compensation strategies.

Material and Methods

Radiotherapy for high-risk patients was recommenced in a neighbouring private hospital. Remaining patients could be restarted in CUH when systems became operational after 21 days.  New CT simulation and radiotherapy plans were required for transferred patients. We calculated the planned total duration and actual duration of each patients’ treatment. A planned biological equivalent dose (BED) and actual BED was calculated for each treatment course dependent on tumour type. Treatment acceleration, bi-daily treatment and extra fractions were employed as compensation strategies. We calculated the BED lost and potential BED saved per patient.

Results

The mean gap in treatment for the cohort was 16 days (11-28) Patients had a cumulative 1200 fractions of their treatment course remaining. 44 patients were transferred to the private hospital. Mean time from new CT to start was 4.8 days (3-10). The mean number of days saved by compensation strategies was 3 (0-10) per patient. The potential Gray lost overall was 803Gy, mean 8.46Gy per patient (0- 19.8Gy). The total Gray saved was 276Gy, mean 2.9Gy (0-9Gy) saved per patient.

Conclusion

Large scale disruption of a radiotherapy service is uncommon and this malicious act of cybercrime had a significant and sudden impact on patient care. Through multi-departmental and multi-institutional co-operation potential quantifiable harm to patients was limited. Unfortunately, the full effects of this crime may take years to manifest and long term follow up is essential to assess any potential negative oncological outcomes. This crisis highlights the need for robust IT infrastructure and contingencies to allow continuation of critical radiotherapy services in the inevitable event of future cyber-attacks.