2022 AAPM 64th Annual Meeting

Session Title: Contingency Planning: Can You Handle a Ransomware Attack?
Question 1: How can stolen medical identities be used?
Reference:Coventry, Lynne, and Dawn Branley. "Cybersecurity in healthcare: A narrative review of trends, threats and ways forward." Maturitas 113 (2018): 48-52.
Choice A:Obtain health services and prescription
Choice B:Fraud
Choice C:Open bank accounts
Choice D:Secure loans
Choice E:All of the above
Question 2: What is the number one cybersecurity risk for health care organizations?
Reference:Joyce, Christine, et al. "Emerging Cybersecurity Threats in Radiation Oncology." Advances in Radiation Oncology 6.6 (2021): 100796.
Choice A:Injection
Choice B:Phishing
Choice C:Man-in-the-Middle
Choice D:Denial-of-Service
Question 3: What access will NOT be lost after a successful cyberattack in a health network?
Reference:Nelson, Carl J., et al. "Development of rapid response plan for radiation oncology in response to cyberattack." Advances in Radiation Oncology 6.1 (2021).
Choice A:Electronic medical records access
Choice B:Hospital Secure email / telecommunication platform access
Choice C:Personal messaging devices
Choice D:Departmental virtual server residing on the hospital network
Question 4: An example of informational continuity from the perspective of a radiation oncology patient is based on which of the following?
Reference:Christ, Sebastian, et al. "Continuity and coordination of care in highly selected chronic cancer patients treated with multiple repeat radiation therapy" Radiation Oncology (2021): 16:227.
Choice A:medical oncologist evaluation
Choice B:Chronic cancer disease management
Choice C:surgeon evaluation
Choice D:linear accelerator uptime
Question 5: What is the most appropriate background for business continuity planning?
Reference:Zawada, Brian. "The Business Continuity Operating System," Gravitas Press, 2021. ISBN:9781735943527, p18.
Choice A:information technology
Choice B:legal
Choice C:risk management
Choice D:medical school
Question 6: A Business Continuity Management System can be viewed from which of the following perspectives?
Reference:The International Organization for Standardization. "ISO 22301: Security and resilience – Business continuity management systems - Requirements," 2nd edition, 2019-10, pp vo=vii.
Choice A:business
Choice B:finance
Choice C:internal processes
Choice D:interested parties
Choice E:All of the above
Question 7: Running off of a cloud platform keeps your health system safe from cyber attacks?
Reference:Hart, Ariel, “Cyber attack disrupts cancer care,” The Atlanta Journal-Constitution, April 27, 2021 (https://www.ajc.com/news/investigations/cyberattack-disrupts-cancer-care/EJWYPB3KNNEMDAJK2FW2HFULLM/)
Choice A:True
Choice B:False
Question 8: The weakest link in a healthcare institution is:
Reference:Mulcahy, Nick, “Recent Cyberattack Disrupted Cancer Care Throughout U.S.,” WebMD Health News, July 20, 2021. https://www.webmd.com/cancer/news/20210720/recent-cyberattack-disrupted-cancer-care-us
Choice A:Poor IT preparation
Choice B:Healthcare Employees
Choice C:Hospital firewall systems
Question 9: A successful backup and recovery strategy should include
Reference:NISTIR 8374 - Ransomware Risk Management: A Cybersecurity Framework Profile, National Institute of Standards and Technology (James K. Olthoff, Performing the Non-Exclusive Functions and Duties of the Under Secretary of Commerce for Standards and Technology & Director, National Institute of Standards and Technology); NIST Guide for Conducting Risk Assessments, https://www.nist.gov/publications/guide-conducting-risk-assessments
Choice A:Dispersed backups on a segregated network (many copies)
Choice B:Backups that include at minimum one copy on immutable storage
Choice C:Backup frequency that maintains a reasonable Recovery Point Objective (RPO)
Choice D:Annual Testing of your Recovery Plan
Choice E:All of the above
Question 10: Single vendor environments can be categorized into different infrastructure categories when assessing your ransomware preparedness and developing Disaster Recovery (DR) and High Availability (HA) plans, which include:
Reference:Recommendations on Securing Customer Purchased Varian Products from Ransomware (CTB GE-1076-A); Disaster Recovery (DR) - User Implementation Reference Guide (UG-GE-DRRG-A); Mission Critical Application Protection (MICAP) Whitepaper (CTB MI-781-B); Backup Guidelines (CTB GE-936-C)
Choice A:The Treatment Delivery System
Choice B:Customer Hosted Software and Services
Choice C:Vendor Hosted Software and Services
Choice D:Mixture of A, B, and C
Choice E:All of the Above