Encrypted login | home

Program Information

A Risk Management Plan Against Cyber-Attacks in Radiation Oncology: An Emergency Plan for Continuation of Safe Treatments


B Yi

B Yi*, B Zhang , K Prado , S Chen , S Rahman , W D'Souza , Univ. of Maryland School Of Medicine, Baltimore, MD

Presentations

TU-FG-702-1 (Tuesday, August 1, 2017) 1:45 PM - 3:45 PM Room: 702


Purpose: Since radiation therapy relies on information technology (IT) systems for virtually all clinical activities, it is crucial to have an emergency plan (EP) against cyber-attacks or hacking. This study introduces the emergency plan of University of Maryland. The goals of the EP are to resume the treatments (1) within 24 hours with limited image guidance, for a few selected cases whose treatments cannot be delayed; (2) within a week with full image guidance until complete recovery from the attack using a temporary local database.

Methods: University of Maryland has 6 sites with 11 Varian linear accelerators and 5 proton machines which are managed by one database system; Aria System (V 13.7, Varian, CA). The electronic medical record (EMR) and the image database are also the part of the Aria system. The EP is designed under the assumptions that the Aria database and the network are attacked, which results that the control of treatment machines, the EMR and the treatment information are not available. The EP extracts the treatment plans (DICOM RPs), the images and the EMR’s of new patients and the treatment information (DICOM RT) from the Aria database server every day, and these are saved in off-line storage.

Results: It takes 90 minutes to re-direct the machine control from the clinical Aria database to the temporary database unit per machine. A 30-minute process is needed to upload and to confirm the treatment information including images, plans, treatment history and EMRs to the temporary server per patient. Test patient treatment records using the temporary server have been restored successfully to the clinical server after complete recovery.

Conclusion: An EP has been developed and proved to fulfill the goals to deliver seamless and safe treatments under a severe cyber-attack.


Contact Email: