In October 2021, Hillel Yaffe, MC, suffered a ransomware attack which shutdown most hospital computer systems, including patient EMR, pharmacy, communications, administration and backup systems. Staff were left in a state of “cyber-shock” without access to essential information for maintaining safety, quality and continuity of care. The aim of this presentation is to share the hospitals' experience and insights of this cyber-attack, outlining preparedness and response strategies.

This attack required a multifaceted emergency response strategy, including:

• Immediate response activated according to specific pre-prepared emergency scenario action lists

• Leadership decision making in real time under conditions of uncertainty

• Identifying the extent of systems affected

• Establishing alternative communication across the organization

• Distributing real-time status updates and proactive guidelines, based on pre-existing emergency preparedness protocols

• Finding alternative access to patient health histories

• Adaptation and distribution of alternative hardcopy versions of patient evaluation and documentation normally done by EMR

• Distribution of instruction materials for staff via alternative communication, ensuring quick and correct adoption of alternative protocols

• Special emphasis on patient safety, risk management, quality and continuity of care

Recognition, support and resilience-building for staff facing uncertainty and unprecedented conditions

Required preparations include pre-prepared standing orders and procedures, exercises and simulations. Advanced preparation of alternative documentation and care protocols will enable uninterrupted, safe, high-quality patient care. Familiarity with pen-and-paper documentation may minimize shock and disorientation from “digital withdrawal”, especially among younger workers lacking manual documentation experience. Staff members should also be instructed in maintaining “digital hygiene”, such as using strong passwords and awareness about cyber-security threats.

Hospitals must prepare for potential cyber-attacks and EMR/digital system shutdowns. Cyber-attack should be treated by organizations as an emergency event, and they should prepare incident response and contingency plans, to assure business continuity and quick disaster recovery.