Abstract

BACKGROUND Cybersecurity incidents affecting hospitals have grown in prevalence and consequence over the last two decades, increasing the importance of cybersecurity preparedness and response training to minimize clinical disruptions. OBJECTIVE This work describes the development, execution, and post-exercise assessment of a novel simulation scenario consisting of four interlocking intensive care unit (ICU) patient scenarios. This simulation was designed to demonstrate the management of acute pathologies without access to conventional treatment methods during a cybersecurity incident in order to raise clinician awareness of the increasing incidence and patient safety implications of such events. METHODS The simulation was developed by a multidisciplinary team of physicians, simulation experts, and medical education experts at UCSD School of Medicine. The simulation was first executed as part of the proceedings of CyberMed Summit, a healthcare cybersecurity conference in La Jolla, California, on November 19th, 2022. Following the simulation, a debrief session was held with the learner in front of conference attendees, with additional questioning and discussion prompted by attendee input. RESULTS The physician successfully identified the acute etiologies and managed the patients’ acute decompensations while lacking access to the hospital’s electronic medical records (EMRs), laboratory results, imaging, and communication systems. Review of footage of the event and post-experience interviews yielded numerous insights on the specific physician-focused challenges and possible solutions to a hospital-infrastructure-crippling cyber attack. CONCLUSIONS Healthcare cybersecurity incidents are known to result in significant disruption of clinical activities and can be viewed through a patient-safety oriented perspective. Simulation training may be a particularly effective method for raising clinician awareness of and preparedness for these events.