Modeling Cyber Attack Impacts on Patient Outcomes - ABSTRACT SUMMARY
Over the last 25 years, healthcare has undergone significant digital transformation resulting in an increasing
and near total dependence on technology to deliver clinical care. Despite this rapid acceleration of technology
deployment, the protection of these systems from adversaries such as malicious hackers (a practice which
constitutes the discipline of cybersecurity) has not matched the pace and ubiquity of technological advances.
Cyber attacks on healthcare have been increasing in frequency and severity, resulting in many public
examples of compromised clinical care, lost revenue, and breaches of protected health information.
Furthermore, a vast majority of the nascent healthcare cybersecurity literature focuses on the protection of
patient health data and ignores the risks cyber attacks pose to patient safety and clinical outcomes. The
long-term goal is to understand the negative impacts of cyber attacks on patient outcomes, including morbidity and
mortality. The overall objective of this application is to identify which clinical workflows, medical devices,
software systems, and other digitized hospital infrastructure present the greatest potential harm to patients
when Integrity and Availability cyber attacks are used by malicious hackers. The central hypothesis is that
data-driven models of cyber attacks on healthcare can identify processes and clinical workflows most
vulnerable to negatively impacting patient outcomes. The rationale for this project is that its models will help
create a foundational base of healthcare cybersecurity knowledge, without which targets in need of increased
cybersecurity measures will remain unknown. The acquisition of this knowledge will change the healthcare
security paradigm to include both a more holistic understanding of cybersecurity risks and one that
considers the patient safety and outcome impacts of cyber attacks. This project has two specific aims: (1)
Develop healthcare cyber attack models where the integrity of patient data has been compromised; and (2)
Develop healthcare cyber attack models where the availability of critical technical systems is impacted. The
first aim will utilize microsimulation to model patient care in a hospital undergoing integrity cyber attacks that
maliciously modify diagnostic and therapeutic data. The second aim will also utilize microsimulation but will
model the care of patients in hospitals undergoing availability cyber attacks such as ransomware, which render
certain technical systems inoperable. Both aims will model the care of patients presenting with stroke,
myocardial infarction, and sepsis. The proposed research in this application is innovative because it is the first
known attempt to formally model the impacts cyber attacks have on patient outcomes. The proposed research
is significant because it is expected to provide a strong theoretical foundation to justify further clinical studies of
cyber attack patient outcome impacts, including empirical studies on real patient populations. Additionally,
accurate and usable models of healthcare cyber attacks can give stakeholders the critical information they
need to properly defend digital infrastructure from malicious hackers, minimizing risk to patient safety.