Sunnylake Hospital
Statement of the problem:
The Electronic Medical Record reader system at Sunnylake hospital has been hacked. None of the doctors have been able to access patient records. The EMR device that reads the patient record displays the message “Access Denied”. The IT department tried and restored the system twice but it crashed again minutes later. The complete records were backed up on the network. But Sunnylake hospital currently has no way of delivering those records to the doctors who urgently needed them for patient care. The hacker is demanding $100K to restore the system back to normal.
Issues to be addressed:
The staffs are emotionally drained. While the IT department is struggling to restore the system, the doctors are asked to write paper nursing orders and prescriptions. For urgent cases the old paper records are referred to but they are outdated. A patient was treated with medicine he is allergic to and this cannot be allowed to happen again. The immediate concern is to provide the doctors with the latest patient record so that they can treat them. If we can recover treatment process at the hospital with some interim action it will be half the problem solved.
Our interim action to recover treatment process cannot go on forever. We will have to get the EMR system up and in action. Also the system should be made resistant to future security threats.
The next issue will be handling the hacker. Any person or group that is performing this operation is a serious threat to the society. They should be handled rightly so that they do not come back and do the same thing to us or other hospitals.
How to address the issues:
Interim Action:
Let us start with the interim action. Fortunately we have the complete patient records backup. IT department should be asked to come up with a way to get those records into paper in the required format. This need not be done for all the patients in our database. Only the records for the patients who need to be treated should be retrieved and printed. Patient records have to be retrieved for admitted IN patients and for those scheduled for surgery. For the walk in patients their printed record will be generated as they arrive and before they are directed to a doctor. This will keep us going for now.
This interim action will take 3 hours to be implemented provided we have 2 skilled IT engineers, printers and paper sources available to implement the action. [Value arrived at with my previous experience as IT consultant].
The interim action has to be