Incident: CommonSpirit Health Ransomware Attack: Patient Care Disrupted, Medication Errors.

Published Date: 2022-11-11

Postmortem Analysis
Timeline:
1. The software failure incident at CommonSpirit Health occurred in October 2022. [135033]
System:
1. Electronic health records system at CommonSpirit Health [135033]
2. Drug dispensing systems at hospitals within the CommonSpirit system [135033]
3. Scheduling systems at CommonSpirit Health [135033]
Responsible Organization:
1. Cybercriminals operating in Russia were likely responsible for the cyberattack on CommonSpirit Health [135033].
2. The Daixin Team, a cybercrime group, was actively targeting US businesses, including the healthcare sector, with ransomware attacks [135033].
Impacted Organization:
1. CommonSpirit Health - a system that runs 140 hospitals and more than 1,000 care sites across the United States [135033]
2. Patients across 21 states in the United States who are on CommonSpirit registers [135033]
3. Medibank - a major Australian health insurer that had 9.7 million medical records stolen by cybercriminals [135033]
Software Causes:
1. Ransomware attack on CommonSpirit Health's IT systems, leading to encryption of databases and disruption of electronic health records access [135033]
2. Cyberattack by a cybercrime group targeting US businesses in the healthcare sector with ransomware and data extortion operations [135033]
Non-software Causes:
1. Lack of access to electronic health records due to a ransomware hack led to doctors treating patients without full access to their digital medical records, causing potential dangers in patient care [135033].
2. The cyberattack on CommonSpirit Health resulted in delays in critical scans, surgeries, and treatments for patients, impacting their healthcare [135033].
3. The ransomware attack on CommonSpirit Health led to ambulances being diverted from a struggling hospital to another facility not affected by the cyberattack, affecting patient care [135033].
4. The cyberattack on CommonSpirit Health caused disruptions in hospital systems, leading to challenges in scheduling appointments and providing timely care to patients [135033].
5. The ransomware attack on CommonSpirit Health resulted in the diversion of ambulances from the MercyOne hospital's emergency department to another medical center, affecting emergency care services [135033].
Impacts:
1. Delayed surgeries for patients with brain bleeds, ovarian cysts, and cancerous tumors, with some surgeries being postponed by up to a month [135033].
2. Ambulances were diverted from a struggling hospital to another facility not affected by the cyberattack [135033].
3. A three-year-old boy in Iowa was accidentally given a megadose of opioids due to the computer system being shut down, leading to potential risks [135033].
4. Patients experienced delays in receiving urgent care, such as a woman with an ovarian cyst needing immediate surgery [135033].
5. Healthcare providers were treating patients without full access to their digital medical records, leading to potential risks and unsafe care [135033].
6. Concerns about the potential alteration of patient data by hackers and the difficulty in ensuring the complete removal of hackers from the hospital's network [135033].
7. The potential long-term impact on patients due to delays in surgeries and treatments caused by the ransomware attack [135033].
Preventions:
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and ensuring all systems are up to date with the latest security patches could have potentially prevented the ransomware attack on CommonSpirit Health [135033].
2. Providing comprehensive cybersecurity training to employees to recognize and respond to potential phishing attempts or suspicious activities that could lead to a breach [135033].
3. Having a robust backup and disaster recovery plan in place to ensure quick restoration of systems in case of a cyberattack, minimizing the impact on patient care and operations [135033].
Fixes:
1. Enhancing cybersecurity measures to prevent future cyberattacks, such as ransomware attacks, by implementing robust security protocols and regular security audits [135033].
2. Implementing backup and recovery systems to ensure quick restoration of data in case of a cyberattack [135033].
3. Conducting thorough investigations to identify the vulnerabilities that led to the software failure incident and addressing them to prevent similar incidents in the future [135033].
4. Providing comprehensive training to healthcare staff on handling situations where electronic health records are inaccessible to ensure patient safety and continuity of care [135033].
5. Collaborating with law enforcement agencies and cybersecurity experts to track down and hold accountable the cybercriminals responsible for the attack [135033].
References:
1. Reddit users claiming to work at impacted hospitals [135033]
2. Security experts interviewed by DailyMail.com [135033]
3. CommonSpirit Health [135033]
4. FBI and Department of Justice [135033]
5. Healthcare provider CommonSpirit [135033]
6. Australian Federal Police [135033]
7. Prime Minister Anthony Albanese [135033]
8. Biden administration [135033]
9. White House [135033]
10. Cybersecurity expert Ken Westin [135033]
11. Patients affected by the incident [135033]
12. Nurses and doctors at affected hospitals [135033]
13. John Riggi, American Hospital Association’s national advisor for cybersecurity and risk [135033]
14. Pseudonymous blogger known as Dissent Doe [135033]

Software Taxonomy of Faults

Category Option Rationale
Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident having happened again at one_organization:
- CommonSpirit Health experienced a major IT breach due to a ransomware hack on October 3, affecting 140 hospitals and more than 1,000 care sites [135033].
- The incident led to doctors not having access to medical records, causing delays in critical scans, surgeries, and patient care [135033].
- Patients, including a three-year-old boy in Iowa, suffered consequences such as being overdosed on medication and having surgeries delayed due to the cyberattack [135033].
- The incident resulted in ambulances being diverted from a struggling hospital, patients experiencing delays in cancer care, and surgeries being postponed [135033].
(b) The software failure incident having happened again at multiple_organization:
- Australian officials attributed a cyberattack on Medibank, Australia's largest health insurer, to a group of cybercriminals operating in Russia [135033].
- The cybercriminals stole personal medical records of 9.7 million Medibank customers and dumped the data on the dark web [135033].
- The FBI, Cybersecurity and Infrastructure Security Agency, and Department of Health and Human Services issued a joint alert about the Daixin Team targeting US businesses, especially in the healthcare sector, with ransomware attacks [135033].
- The Daixin Team has been actively targeting US businesses, predominantly in the healthcare and public health sector, with ransomware and data extortion operations [135033].
Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase can be seen in the CommonSpirit Health ransomware attack. The incident occurred due to a cyberattack on CommonSpirit's IT systems, specifically a ransomware hack on October 3 [135033]. The attack led to the encryption of all databases, including patient records, which meant that doctors and nurses were effectively treating patients in the dark without access to patient records and other hospital programs, including drug dispensing systems. This failure was a result of contributing factors introduced during the system development and maintenance processes, where the cybercrime group infiltrated the hospital's computer system and encrypted the databases, leading to the inability to access critical patient information.
(b) The software failure incident related to the operation phase can be observed in the consequences of the CommonSpirit Health ransomware attack on patient care. Due to the cyberattack, doctors and healthcare providers were forced to operate without full access to patients' digital medical records, leading to delays in critical scans, surgeries, and medication administration [135033]. Patients experienced adverse effects, such as a three-year-old boy being accidentally given a megadose of opioids and surgeries being postponed. This failure was a result of contributing factors introduced during the operation of the system, where staff had to treat patients without electronic access to records and ordering medication, causing errors and delays in patient care.
Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) within_system: The software failure incident at CommonSpirit Health was primarily caused by factors originating from within the system. The incident was a ransomware attack that infiltrated the hospital's computer system and encrypted all databases, including patient records, preventing access to critical information [135033]. The attack led to significant disruptions in patient care, with doctors unable to access medical records, resulting in delayed surgeries, overdoses, and potentially dangerous situations for patients [135033]. The ransomware attack directly impacted the hospital's IT infrastructure and systems, leading to operational challenges and compromised patient care [135033].
Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions:
- The software failure incident at CommonSpirit Health was caused by a ransomware attack on October 3, which led to a major IT breach [135033].
- The ransomware attack resulted in the encryption of all databases, including patient records, preventing healthcare providers from accessing essential information [135033].
- As a result of the cyberattack, doctors and nurses were effectively treating patients in the dark without access to patient records and other hospital programs, including drug dispensing systems [135033].
- The attack led to delays in critical medical procedures, such as surgeries for patients with brain bleeds, ovarian cysts, and cancerous tumors [135033].
- The incident also resulted in a three-year-old boy in Iowa being accidentally given a megadose of opioids due to the computer system being shut down, causing staff to treat patients without electronic access to records and medication ordering systems [135033].
(b) The software failure incident occurring due to human actions:
- The incident highlighted the dangerous consequences of doctors not having access to medical records, leading to potential overprescription of drugs and delays in necessary medical procedures [135033].
- Security experts emphasized the risks associated with treating patients without full access to their digital medical records, stating that it could be very dangerous and potentially lead to catastrophic outcomes for patients [135033].
- The ransomware attack was attributed to cybercriminals who infiltrated the hospital's computer system and encrypted databases, indicating a deliberate human action to disrupt healthcare operations [135033].
- Concerns were raised about the potential alteration of data by hackers and the difficulty in ensuring that the hackers no longer have access to the hospital's systems [135033].
- The incident also highlighted the challenges faced by hospitals in recovering from ransomware attacks, with potential long-term impacts on patient care and data security [135033].
Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident occurring due to hardware:
- The incident at CommonSpirit Health was a result of a ransomware attack on their IT systems, which led to a major disruption in their operations [135033].
- The cyberattack on CommonSpirit Health caused certain systems to be taken offline, leading to staff treating patients without electronic access to records and ordering medication, resulting in incidents like a three-year-old boy being mistakenly overdosed on opioids [135033].
- The ransomware attack on CommonSpirit Health forced the diversion of ambulances from the MercyOne hospital's emergency department to another medical center [135033].
(b) The software failure incident occurring due to software:
- The ransomware attack on CommonSpirit Health was a result of cybercriminals infiltrating the hospital's computer system and encrypting all databases, including patient records, which prevented healthcare providers from accessing critical information [135033].
- The cyberattack led to delays in surgeries, including cancer care, brain bleeds, and ovarian cyst removals, due to the hospital systems being offline [135033].
- The incident caused significant disruptions in patient care, with healthcare professionals treating patients without full access to their digital medical records, leading to potential dangers and unsafe conditions for patients [135033].
Category: Objective (Malicious/Non-malicious)
Option: malicious, non-malicious
Rationale:
(a) The software failure incident related to the CommonSpirit hack can be categorized as malicious. The incident was a result of a ransomware attack on CommonSpirit Health, a major hospital chain, where cybercriminals infiltrated the computer system and encrypted all databases, including patient records, demanding a ransom for a decryption key [135033]. The attack led to significant disruptions in healthcare services, with doctors not having access to medical records, resulting in dangerous situations such as a three-year-old boy being overdosed on opioids and delays in critical surgeries for patients with brain bleeds, ovarian cysts, and cancerous tumors [135033]. Additionally, the incident involved the leaking of 9.7 million medical records from Australian health insurer Medibank by cybercriminals, further highlighting the malicious nature of the attack [135033].
(b) The software failure incident can also be considered non-malicious to some extent. While the root cause of the failure was the ransomware attack initiated by cybercriminals, the consequences of the attack, such as delays in surgeries, diversion of ambulances, and challenges in providing proper care to patients, were unintended and resulted from the disruption caused by the attack rather than a direct intent to harm the system [135033].
Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions, accidental_decisions
Rationale:
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incident at CommonSpirit Health was a result of a ransomware attack on October 3, which led to a major IT breach affecting the hospital chain's computer systems [135033].
- CommonSpirit Health suffered from a ransomware attack where cybercriminals infiltrated the hospital's computer system and encrypted all databases, including patient records, leading to a situation where doctors and nurses were treating patients without access to their records [135033].
- The incident involved poor decisions in terms of cybersecurity measures and response, as the hackers demanded a ransom in exchange for a decryption key to regain access to the system, and the impact on patient care was significant due to delays in surgeries, medication errors, and compromised access to medical records [135033].
(b) The intent of the software failure incident related to accidental_decisions:
- The software failure incident at CommonSpirit Health resulted in accidental decisions such as a three-year-old boy in Iowa being accidentally given a megadose of opioids due to the computer system being shut down during the cyberattack, leading to unintended consequences for patient care [135033].
- Patients experienced delays in critical surgeries, including the removal of cancerous tumors and brain bleeds, due to the accidental consequences of the cyberattack on the hospital's systems, impacting their access to timely and necessary medical care [135033].
- The incident highlighted unintended decisions made by hospital staff who had to manually administer and order dosages due to the computer system being down, resulting in medication errors and compromised patient safety [135033].
Category: Capability (Incompetence/Accidental)
Option: development_incompetence, accidental
Rationale:
(a) The software failure incident occurring due to development incompetence:
- The software failure incident at CommonSpirit Health was due to a ransomware hack on October 3, leading to a major IT breach affecting 140 hospitals and more than 1,000 care sites [135033].
- Doctors not having access to medical records was highlighted as 'very dangerous' by security experts, indicating a lack of professional competence in handling the situation [135033].
- The incident resulted in delayed critical scans, surgeries, and overdosing of a three-year-old boy on pain meds in Iowa, showcasing the impact of the failure on patient care [135033].
(b) The software failure incident occurring accidentally:
- The accidental overdose of a three-year-old boy in Iowa with opioids was attributed to the cyberattack causing certain systems to be taken offline, leading to staff treating patients without electronic access to records and medication ordering [135033].
- The incident of the boy being given a 'megadose' of opioids was due to the hospital having to manually administer and order dosages because of the computer system being down, indicating an accidental consequence of the software failure [135033].
- The incident at MercyOne Children's Hospital in Des Moines, Iowa, where the boy was overdosed, was a result of the cyberattack causing staff to treat patients without electronic access to records and medication ordering, leading to the accidental administration of the wrong dosage [135033].
Category: Duration
Option: temporary
Rationale:
The software failure incident at CommonSpirit Health was temporary. The incident occurred on October 3 when the system suffered a ransomware attack, causing major IT issues and leading to the shutdown of computer systems [135033]. The computer systems were taken offline on October 5 and came back online on October 16. However, it took until October 17 for CommonSpirit to confirm that the attack was ransomware. The majority of providers regained access to electronic health records by November 9, indicating that the systems were gradually being restored [135033].
Category: Behaviour
Option: crash, omission, value, other
Rationale:
(a) crash: The software failure incident in the articles can be categorized as a crash due to the system losing state and not performing its intended functions. This is evident from the description of how the hospital's computer systems were taken offline on October 5 [135033], leading to delays in critical scans, surgeries, and patient care [135033].
(b) omission: The software failure incident can also be categorized as an omission due to the system omitting to perform its intended functions at instances. For example, patients experienced delays in surgeries, including the removal of cancerous tumors and ovarian cysts, due to the cyberattack causing certain systems to be taken offline [135033].
(c) timing: The timing of the software failure incident can be considered as a factor in the failure. The system performed its intended functions correctly, but too late or too early, leading to delays in patient care, surgeries, and critical scans [135033].
(d) value: The software failure incident can be categorized as a value failure due to the system performing its intended functions incorrectly. For instance, a three-year-old boy in Iowa was accidentally given a megadose of opioids because the computer system which tells doctors how much medication to give was shut down [135033].
(e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure, which involves the system behaving erroneously with inconsistent responses and interactions.
(f) other: The software failure incident can also be described as a failure resulting from a ransomware attack, where cybercriminals infiltrated the hospital's computer system, encrypted databases, and demanded ransom for access. This led to the system being unable to provide access to patient records, causing disruptions in patient care and potentially compromising patient information [135033].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Category: Consequence
Option: death, harm, delay
Rationale:
(a) death: People lost their lives due to the software failure
- A three-year-old boy in Iowa was accidentally given a megadose of opioids due to the computer system being shut down during the cyberattack, which could have potentially led to a fatal outcome [135033].
(b) harm: People were physically harmed due to the software failure
- Patients, including a three-year-old boy in Iowa and others with brain bleeds, ovarian cysts, and cancerous tumors, experienced harm such as delayed surgeries and incorrect medication dosages due to the cyberattack impacting the hospital's systems [135033].
(e) delay: People had to postpone an activity due to the software failure
- Several patients had to delay urgent medical procedures, such as the removal of a cancerous tumor on the tongue and surgeries for ovarian cysts, due to the hospital systems being offline after the cyberattack [135033].
Category: Domain
Option: health
Rationale:
(a) The failed system was related to the healthcare industry, specifically impacting CommonSpirit Health, a system that runs 140 hospitals and more than 1,000 care sites [135033]. The cyberattack on CommonSpirit Health led to significant disruptions in patient care, delays in critical scans and surgeries, and potential risks to patient safety due to doctors not having access to medical records [135033]. The incident highlighted the vulnerability of healthcare systems to cyberattacks and the potential dangers of ransomware attacks on the healthcare sector.
