Perioperative pandemic protocols are also useful during a cyber-attack system downtime.

To the editor

The healthcare sector is a main target of cyber-attacks during the COVID-19 pandemic. Organizations have adopted a work-from-home business model and are vulnerable to cyberattacks. Only 38% of businesses have a cybersecurity policy in place [1]. This issue is only magnified since small to midsize healthcare facilities represent a large portion of the healthcare industry and have a greater cybersecurity vulnerability profile than larger healthcare delivery bodies [2]. Hospitals are an attractive target for cybercriminals as they hold a large amount of valuable and confidential data. In addition, many of these institutions have moved to electronic medical records, further enhancing vulnerability. We report a cyber-malware attack resulting in system downtime at our institution in which we used perioperative pandemic protocols to classify surgical procedures.

Cybercriminals have targeted healthcare sector with ransomware. Ransomware is malware used by attackers that first encrypts files and then attempts to extort money in return for the key to unlocking the data by demanding a ransom [3]. Ransomware is spread through emails designed by the hacker to appear legitimate. Once the email is opened, malware is downloaded and infection begins. The malware searches the hard drive, network files, external drives and cloud drives for all data that can be encrypted. With the development of large data networks within organizations, targeting organizations with ransomware demanding ransom in the form various cryptocurrencies, is a more lucrative target for cybercriminals.

As challenging as the COVID-19 pandemic has been for healthcare organizations, it has created an opportunity for cybercriminals. According the World Health Organization, the number of cyberattacks has increased five-fold during the COVID-19 pandemic [4]. Cybercriminals have more success during a pandemic due to the heightened emotional states of potential victims [4]. The increased use of telemedicine has led to the implementation of web-based platform services within healthcare organizations. This has been opportunistic for cybercriminals. The increased workload that healthcare providers are enduring during the COVID-19 pandemic increases the probability that the worker will open a phishing email or be subject to other delivery methods of cyberattacks [4].

Due to the COVID-19 pandemic and the increasing number of affected patients entering our healthcare system, we developed a plan for surgeries/procedures in order to provide care to all patients. This plan included processes to reduce personal protective equipment resource exhaustion, conserve inpatient beds for COVID patients and mobilize the workforce to areas of acute need. Principles of the plan included case cancellation/rescheduling proceeded by classification (E > D > C > B, see Table 1 ).

Table 1

Surgical classification and action plan during perioperative pandemic protocol.

Surgical classification	Surgical action
Class A	Life/limb at risk: surgery to be done now
Class B	Time sensitive outcome necessitating procedure within 24 h: short delays acceptable
Class C	Time sensitive outcome necessitating procedure within 4 weeks: reschedule within 4 weeks as resources permit and at the discretion of the surgical/anesthesiology medical directors.
Class D	Can wait 4–8 weeks or longer without substantial change in outcome: reschedule for later date
Class E	Can wait greater than 8 weeks without substantial change in outcome: postpone and reassess in 8 weeks for rescheduling

Prior to scheduling, case classification was determined. Only class A and B cases were permitted to be added to the schedule. All OR cases were reviewed and classified in collaboration with the primary surgeon by the surgery and anesthesiology medical directors. Class C, D, and E cases were identified for immediate removal from the schedule. Surgeons were notified and cases were postponed/rescheduled.

The operational principles for procedures that were developed served well to mitigate the challenges presented by the COVID-19 pandemic. They were utilized and adhered to very strictly throughout the spring-summer of 2020. By fall 2020, operations were resembling some degree of normalcy and procedures encompassing all case classifications were being resumed. An unforeseen need to re-implement the ‘pandemic protocol’ originally developed to meet the challenges of the COVID-19 pandemic, for an entirely different purpose.

In September 2020, our institution was subject to a significant information technology /system downtime event. This downtime was the result of a malware cyber security attack. Law enforcement, including the was notified and our institution activated extensive and well-planned contingency processes supported by trainings to prepare for these kinds of IT system situations. This included prioritizing patient's surgeries. Leaders in the perioperative setting were quick to activate pandemic protocols, developed for the COVID-19 pandemic.

Perioperative pandemic protocols were then re-instituted. The disruption in workflow practices was minimal. Universal e-mail went out to surgical and procedural physicians that the scheduling classification system had been reenacted. Similar to early days of the pandemic, cases scheduled on the day of the cybersecurity attack were immediately reviewed and classified according to our operational principles. Cases that were deemed Class A and B proceeded with alternative methods of anesthetic documentation.

The absence of our electronic health record (EHR) system impacted perioperative communication and workflow. Lack of centralized status board was impairing efficient patient throughput. Task force of the anesthesia clinical director, nursing pre-op manager, and OR charge nurse sought to set up a universally accessible database that could be updated in real-time and would provide similar information to our normal status board (Fig. 1 ). Secure cloud based spreadsheet was available to all perioperative leaders needing real-time information. Spreadsheet was updated by an assigned individual who would frequently communicate with personnel in patient care areas to keep this as real-time as possible. This makeshift solution proved very useful in ensuring nursing, anesthesia, surgery and equipment personnel were aware of the ever changing OR environment. While relatively simple, this allowed for greater line of sight for clinical directors charged with ensuring a safe and efficient throughput process.

Fig. 1

Web Based (Microsoft Teams, Washington USA) operating room scheduling board used during the computer downtime.

Efforts to ameliorate the cybersecurity malware event were handled by our information technology (IT) department, with 6 days of downtime. Two anesthesia providers were assigned to each case to allow a dedicated team member to attend to documentation while the other provider attended to the patient. This staffing model was achieved due to the decrease in surgical cases. 180 OR cases were postponed due to the cybersecurity malware incident and subsequently rescheduled. The implementation of the pandemic protocol developed for the COVID-19 pandemic served equally well to mitigate the challenges of this unexpected and unprecedented situation.

The COVID-19 pandemic has resulted in widespread disruption to the healthcare industry. In addition to the complex issues relating to maintaining healthcare capacity and resources, healthcare organizations are now facing heightened cybersecurity threats. Adaptations in clinical operations and policies created due to the pandemic can be effective in a malware cyber-attack.

Declaration of competing interest

The authors have no Conflict of Interest with any medical device or company.

Brad A. Fremming MD, Pharm D.

Kyle J. Ringenberg MD.

Katie C. Berky, MD.

Ellen K. Roberts MD.

Steve J. Lisco MD.

Thomas E. Schulte, MD.