Radiation Oncology Ransomware Attack Response Risk Analysis Using Failure Modes and Effects Analysis
Practical Radiation Oncology (IF 3.3), Pub Date: 2024-03-19, DOI: 10.1016/j.prro.2024.03.001
Yevgeniy Vinogradskiy, Leah Schubert, Amy Taylor, Shari Rudoler, James Lamb PhD

There have been numerous significant ransomware attacks impacting Radiation Oncology in the past 5 years. Research into ransomware attack response in Radiation Oncology has consisted of case reports and descriptive articles and has lacked quantitative studies. The purpose of this work was to identify the significant safety risks to patients being treated with radiation therapy during a ransomware attack scenario, using Failure Modes and Effects Analysis. A multi-institutional and multidisciplinary team conducted a Failure Modes and Effects Analysis by developing process maps and using Risk Priority Number (RPN) scores to quantify the increased likelihood of incidents in a ransomware attack scenario. The situation that was simulated was a ransomware attack that had removed the capability to access the Record and Verify (R&V) system. Five situations were considered: 1) a standard treatment of a patient with and without an R&V, 2) a standard treatment of a patient for the first fraction right after the R&V capabilities are disabled, and 3) 3 situations in which a plan modification was required. RPN scores were compared with and without R&V functionality. The data indicate that RPN scores increased by 71% (range, 38%-96%) when R&V functionality is disabled compared with a nonransomware attack state where R&V functionality is available. The failure modes with the highest RPN in the simulated ransomware attack state included incorrectly identifying patients on treatment, incorrectly identifying where a patient is in their course of treatment, treating the incorrect patient, and incorrectly tracking delivered fractions. The presented study quantifies the increased risk of incidents when treating in a ransomware attack state, identifies key failure modes that should be prioritized when preparing for a ransomware attack, and provides data that can be used to guide future ransomware resiliency research.

Updated: 2024-03-19