Anatomy of a Cyberattack

• Published in: American journal of clinical pathology Vol. 158; no. 1; pp. 18 - 26
• Main Authors: Frisch, Nora K, Gibson, Pamela C, Stowman, Anne M, Goodwin, Andrew, Schwartz, Michelle, Cortright, Valerie, Hong, Tania, Kalof, Alexandra
• Format: Journal Article
• Language: English
• Published: US Oxford University Press 01.07.2022
• Subjects: Management/administration; Informatics; Quality
• ISSN: 0002-9173; 1943-7722
• DOI: 10.1093/ajcp/aqac004

Abstract Objectives Our institution was the victim of a cyberattack that necessitated use of manual laboratory systems for more than 25 days. These manual processes had to be created not only to enable us to process our case volume without bottlenecks but also to maintain patient safety and allow for billing. Methods Our laboratory needed to create a safe reporting process to ensure ongoing patient safety and error reduction during the downtime. Additionally, we needed to ensure the ability to bill for performed tests in some areas of the lab and maintain compliance with regulatory policies. Results Amendment rates in our system were higher than before the attack, but no patient harm was observed. Intraoperative assessments declined, but high-acuity cases continued with a discrepancy rate comparable with the normal state. Many hours and resources (human and otherwise) were necessary to reconcile the work done to bill for services, but we were able to capture revenue through careful planning. Conclusions This article records the challenges we faced and the successes we achieved in maintaining compliance and a low error rate in the face of manual processes, the steps necessary to bring the cases into the newly restored electronic health record, and how we billed for the services we rendered.