View attached explanation and answer. Let me know if you have any questions.

1

Journal Review – Cybersecurity

Name
Institution
Course
Instructor
Date

2
Journal Review – Cybersecurity
The title of the article under consideration is “Impact of and Response to Cyberattacks in
Radiation Oncology.” The article describes a cyberattack that targeted the University of Vermont
Health Network (UVMHN). As a result of the cyberattack, the healthcare facility experienced
several clinical system outages since the attack uncovered the vulnerabilities of the hospital’s
radiation oncology systems (Nelson et al., 2022). Also, the attack exposed the dependence of
radiation facilities on integrated radiation delivery, planning, and verification systems.
The cyberattack was a malware attack since the aim of the attackers was to steal the
hospital’s confidential data. Besides that, the attack targeted the radiation oncology information
system (RIOS), a system used for scheduling and radiation treatments (Nelson et al., 2022). As a
result of the attack, the RIOS system was infiltrated and became inaccessible. After a security
assessment of the RIOS system and system outages in radiation oncology, it was found that
phone and email contacts were lost and the hospital’s electronic medical records (EMRs) system
was compromised. To mitigate the further loss of sensitive information and propagation of the
malware, the hospital’s information technology (IT) team restricted Internet access and halted
the servers of the hospital and other clinical network systems.
The impact of the cyberattack was overwhelming. Since patient information could not be
accessed, it was hard to notify patients of rescheduling their treatments. All those patients that
arrived for checkups were requested to provide their contacts and information manually
documented on paper. Consequently, since the EMR system was compromised, the radiation
oncology team had to compile treatment schedules among other things on a physical chart using
previously printed schedules and demographics (Nelson et al., 2022). Also, to improve the health
outcomes of patients impacted by the attack, they were transferred to the hospital’s affiliated
sites or treated onsite without using the RIOS but with a linear accelerator that was operated
manually. In addition to that, patients in need of emergency care were transferred to other
healthcare facilities, and the diagnosis, treatment, and screening for various health conditions
were deferred. Moreover, the financial effect of the attack was extensive since the hospital lost
revenue and recovery costs.
The article outlines that several actions are being taken to prevent these types of attacks
in the future. One of these actions is the development of redundancies in network systems. These
redundancies include backups stored offline to advance the process of restoring functions in the
event of an attack and establishing separate systems that can be accessed for data in case of
emergency network shutdowns (Nelson et al., 2022). Also, keeping printed copies and offsite
backup of sensitive information is critical for treatment continuity if Internet access is restricted.
The other action is to establish outage procedures and policies that support communication with
patients and hospital staff when network systems are down. In addition to establishing policies
and procedures, organizations can perform regular cyberattacks readiness assessments to
determine the strengths and weaknesses of their systems. In doing so, they can easily prevent and
recognize cyberattacks before they are launched, minimizing infrastructure damage and
disruption of operations.

3
Reference
Nelson, C. J., Soisson, E. T., Li, P. C., Lester-Coll, N. H., Gagne, H., Deeley, M. A., ... &
Wallace, H. J. (2022). Impact of and response to cyberattacks in radiation
oncology. Advances in Radiation Oncology, 100897.
https://doi.org/10.1016/j.adro.2022.100897


ARTICLE IN PRESS
Advances in Radiation Oncology (2022) 000, 100897

Clinical Investigation

Impact of and Response to Cyberattacks
in Radiation Oncology
Carl J. Nelson, MD,* Emilie T. Soisson, PhD, Puyao C. Li, MD,
Nataniel H. Lester-Coll, MD, Havaleh Gagne, MD, Matthew A. Deeley, PhD,
Christopher J. Anker, MD, Lori Ann Roy, MHA, and H. James Wallace, MD
Division of Radiation Oncology, University of Vermont Larner College of Medicine, Burlington, Vermont
Received October 19, 2021; accepted December 16, 2021

Abstract
Cyberattacks on health care facilities are increasing and significantly affecting health care delivery throughout the world. The recent
cyberattack on our hospital-based radiation facility exposed vulnerabilities of radiation oncology systems and highlighted the dependence
of radiation treatment on integrated and complex radiation planning, delivery and verification systems. After the cyberattack on our
health care facility, radiation oncology staff reconstructed patient information, schedules, and radiation plans from existing paper records
and physicians developed a system to triage patients requiring immediate transfer of radiation treatment to nearby facilities. Medical
physics and hospital information technology collaborated to restore services without access to the system backup or network
connectivity. Ultimately, radiation treatments resumed incrementally as systems were restored and rebuilt. The experiences and lessons
learned from this response were reviewed. The successes and shortcomings were incorporated into recommendations to provide guidance
to other radiation facilities in preparation for a possible cyberattack. Our response and recommendations are intended to serve as a
starting point to assist other facilities in cybersecurity preparedness planning. Because there is no one-size-fits-all response, each
department should determine its specific vulnerabilities, risks, and available resources to create an individualized plan.
© 2022 The Authors. Published by Elsevier Inc. on behalf of American Society for Radiation Oncology. This is an open access
article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

Introduction
On October 28, 2020, a joint alert was issued by the U.
S. Cybersecurity and Infrastructure Security Agency, the
Federal Bureau of Investigation, and the U.S. Department
of Health and Human Services warning of “credible information of an increased and imminent cybercrime threat to
U.S. hospitals and health care providers.”1 At approximately 11 AM that day, the University of Vermont Health

Network (UVMHN) experienced multiple clinical system
outages as a result of a cyberattack. Access to the internet,
hospital servers, and remaining clinical systems was immediately halted by our information technology (IT) infrastructure team to minimize further propagation of
malware. As a result, all hospital electronic medical records
(EMR), laboratory, pharmacy, pathology, radiology, and
hospital phone and email systems were inaccessible.

Immediate Effects
Sources of support: This work had no specific funding.
Disclosures: none.
Data sharing statement: Research data are stored in an institutional
repository and will be shared uponrequest to the corresponding author.
*Corresponding author.; E-mail: carl.nelson2@uvmhealth.org

The complete and immediate shutdown of UVMHN
information and communication systems had an overwhelming impact on patients and providers. After months

https://doi.org/10.1016/j.adro.2022.100897
2452-1094/© 2022 The Aut...