Incident: Cyberattack on Brooklyn Hospitals' Computer Systems Leads to Paper Chart Usage

Published Date: 2022-12-20

Postmortem Analysis
Timeline 1. The software failure incident at the network of three hospitals in Brooklyn, New York, happened in late November [136937]. Estimation: Step 1: The article mentions that the cyberattack on the hospital's computer systems occurred in late November. Step 2: The article was published on 2022-12-20. Step 3: Therefore, the incident likely occurred in late November 2022.
System 1. Clinical applications, including those used for imaging and other critical services [136937]
Responsible Organization 1. The software failure incident, a cyberattack leading to the hospitals in Brooklyn having to work off paper charts, was caused by external hackers targeting the hospital group's computer systems [136937].
Impacted Organization 1. One Brooklyn Health network of hospitals in Brooklyn, New York [136937]
Software Causes 1. The software cause of the failure incident was a cyberattack on the computer systems of the hospital network, affecting clinical applications used for imaging and other critical services [136937].
Non-software Causes 1. Lack of resources and cybersecurity measures in hospitals, especially in rural or poor areas [136937] 2. Cybersecurity vulnerabilities across socioeconomic lines leading to hospitals being target-rich but cyber poor [136937]
Impacts 1. The network of three hospitals in Brooklyn had to work off paper charts for weeks following the cyberattack on its computer systems, affecting clinical applications including imaging and critical services [136937]. 2. Diagnostic imaging had to be sent out to a third-party provider rather than done in-house at Brookdale University Hospital Medical Center due to the hack [136937]. 3. More than 80% of the computer workstations used by doctors and staff to support hospital operations have been restored [136937]. 4. Hospital administrators have begun putting some clinical data into patients' electronic medical records [136937]. 5. The incident caused disruption and required hospital staff to use downtime procedures they had been trained for [136937].
Preventions 1. Implementing robust cybersecurity measures such as firewalls, intrusion detection systems, and regular security audits could have potentially prevented the cyberattack on the hospital network [136937]. 2. Conducting regular cybersecurity training for staff members to increase awareness about phishing attacks and other common tactics used by hackers could have helped in preventing the incident [136937]. 3. Ensuring timely software updates and patches for all systems and applications to address known vulnerabilities could have reduced the risk of a successful cyberattack [136937].
Fixes 1. Enhancing cybersecurity measures and investing in resources to defend hospital networks from hackers, especially in vulnerable areas like rural or poor communities [136937]. 2. Making cyber safety and resilience a national priority to protect computer networks that can affect human safety [136937].
References 1. One Brooklyn Health CEO LaRay Brown 2. Staff member at Brookdale 3. IT administrator at a 100-bed hospital in Florida 4. Joshua Corman, vice president at Claroty 5. CNN's Sarah Boxer [136937]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident having happened again at one_organization: The article mentions that One Brooklyn Health, a network of three hospitals in Brooklyn, New York, experienced a cyberattack on its computer systems, leading to disruptions in clinical applications, including imaging services [136937]. This incident highlights a software failure within the same organization, impacting multiple hospitals under One Brooklyn Health. (b) The software failure incident having happened again at multiple_organization: The article discusses how many hospitals across the country, including a 100-bed hospital in Florida, have had to deal with ransomware attacks and cyber threats [136937]. It indicates that the issue of cyberattacks affecting hospitals is not unique to One Brooklyn Health but is a widespread problem faced by multiple healthcare organizations.
Phase (Design/Operation) design, operation (a) The software failure incident in the article is related to the design phase. The incident was a cyberattack on the computer systems of three hospitals in Brooklyn, New York, affecting clinical applications, including those used for imaging and other critical services [136937]. (b) The software failure incident in the article is also related to the operation phase. Following the cyberattack, hospital staff had to work off paper charts for weeks, and diagnostic imaging had to be sent out to a third-party provider rather than done in-house. Hospital administrators had to put some clinical data into patients' electronic medical records using downtime procedures [136937].
Boundary (Internal/External) outside_system (a) within_system: The software failure incident at One Brooklyn Health hospitals in Brooklyn, New York, was due to a cyberattack on its computer systems, affecting clinical applications used for imaging and other critical services [136937]. The hack led to the hospitals having to work off paper charts for weeks, disrupting operations and requiring diagnostic imaging to be sent out to a third-party provider instead of being done in-house. The incident highlights the vulnerability of hospital networks to cyberattacks and the challenges of recovering from such intrusions.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in Article 136937 occurred due to non-human actions, specifically a cyberattack on the computer systems of the hospital network in Brooklyn, New York. The cyberattack affected clinical applications, including those used for imaging and other critical services, leading to the hospitals having to work off paper charts for weeks. The hack disrupted hospital operations and required diagnostic imaging to be sent out to a third-party provider instead of being done in-house. The incident highlights how hacking incidents can disrupt healthcare services and the importance of cybersecurity in protecting critical infrastructure ([136937]). (b) The software failure incident in Article 136937 was not directly attributed to human actions. However, the article mentions the challenges faced by hospitals, especially those in rural or poor areas, in defending their networks from hackers due to resource constraints. It also discusses the role of human actions in responding to cyberattacks, such as shutting down computer systems to prevent ransomware attacks from spreading throughout the hospital ([136937]).
Dimension (Hardware/Software) hardware, software (a) The software failure incident reported in Article 136937 was due to a cyberattack on the computer systems of the hospital network in Brooklyn, New York. This cyberattack affected the clinical applications, including those used for imaging and other critical services. The incident resulted in the hospitals having to work off paper charts for weeks, disrupting their operations. The hack impacted the hardware systems by causing disruptions in the usage of computer workstations and diagnostic imaging equipment [136937]. (b) The software failure incident was primarily caused by a cyberattack, which is a software-related issue. The cyberattack targeted the hospital network's computer systems and affected various software applications used for critical services. The incident highlights the vulnerability of healthcare organizations to cyber threats and the importance of cybersecurity measures to protect against such software failures [136937].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident in Article 136937 is malicious. It was a cyberattack on the computer systems of a network of three hospitals in Brooklyn, New York. The hack affected critical clinical applications, including those used for imaging services, and forced the hospitals to work off paper charts for weeks. The incident disrupted hospital operations and required diagnostic imaging to be sent to a third-party provider. The article mentions the possibility of a ransomware attack, which is a type of cyberattack that locks up computer systems until a ransom is paid. The incident highlights the ongoing threat of hacking incidents targeting hospitals, especially during the coronavirus pandemic [136937].
Intent (Poor/Accidental Decisions) unknown (a) The software failure incident at One Brooklyn Health hospitals in Brooklyn, New York, was not explicitly attributed to poor decisions. However, the incident highlighted the vulnerability of hospitals, especially those in rural or poor areas, to cyberattacks due to lack of resources for cybersecurity defense [136937]. (b) The software failure incident at One Brooklyn Health hospitals in Brooklyn, New York, was a result of a cyberattack, specifically a hack on the computer systems affecting clinical applications used for imaging and critical services. The incident disrupted hospital operations, leading to the need for paper charts and sending diagnostic imaging to a third-party provider. The hack did not adversely affect patients, and hospital staff had to resort to downtime procedures to continue providing care. The incident showcases the disruptive nature of cyberattacks on healthcare facilities [136937].
Capability (Incompetence/Accidental) unknown (a) The software failure incident in Article 136937 was not explicitly attributed to development incompetence. The incident was primarily described as a cyberattack on the hospital group's computer systems, affecting clinical applications used for imaging and critical services. The CEO mentioned that many applications have been restored, and hospital staff had to resort to using paper charts for weeks. The incident highlighted the challenges hospitals face in dealing with cyberattacks during the ongoing pandemic, emphasizing the disruptive nature of such incidents on hospital operations and patient care. (b) The software failure incident in Article 136937 was attributed to a cyberattack, specifically mentioned as a hack on the hospital group's computer systems. The cyberattack impacted clinical applications, including those used for imaging and critical services, leading to the hospitals having to work off paper charts for weeks. The incident underscored the vulnerability of hospitals to cyber threats and the potential consequences of such attacks on patient care and operational efficiency.
Duration temporary (a) The software failure incident in the article is temporary. The network of three hospitals in Brooklyn had to work off paper charts for weeks following a cyberattack on its computer systems in late November [136937]. The hack affected clinical applications, including those used for imaging and other critical services, but many of those applications have been restored. More than 80% of the computer workstations that doctors and staff use to support hospital operations have been restored, and hospital administrators have begun putting some clinical data into patients' electronic medical records. This indicates that the software failure incident was not permanent but rather temporary, as the systems are being restored gradually.
Behaviour omission, other (a) crash: The software failure incident in Article 136937 involved a cyberattack on the computer systems of a network of three hospitals in Brooklyn, New York. This resulted in the hospitals having to work off paper charts for weeks, with clinical applications, including those used for imaging and critical services, being affected. Diagnostic imaging had to be sent out to a third-party provider due to the hack, indicating a loss of functionality [136937]. (b) omission: The cyberattack on the hospital network led to the omission of performing certain functions in-house, such as diagnostic imaging, which had to be outsourced to a third-party provider. This omission of services directly impacted the hospital's operations and patient care [136937]. (c) timing: The timing of the software failure incident is not explicitly mentioned in the article. However, the disruption caused by the cyberattack on the hospital network likely resulted in delays in providing certain services, such as diagnostic imaging, which had to be sent out to a third-party provider [136937]. (d) value: The software failure incident did not involve the system performing its intended functions incorrectly in terms of providing incorrect outputs or results. Instead, the focus was on the loss of functionality and the need to resort to manual processes due to the cyberattack [136937]. (e) byzantine: The software failure incident did not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The primary issue was the cyberattack compromising the hospital network's functionality and forcing staff to resort to paper-based processes [136937]. (f) other: The software failure incident in the article can be categorized as a cyberattack-induced disruption leading to the loss of system functionality, particularly in critical areas like imaging services. The incident highlights the vulnerability of healthcare systems to cyber threats and the challenges hospitals face in maintaining operations during such attacks [136937].

IoT System Layer

Layer Option Rationale
Perception processing_unit, network_communication (a) sensor: The software failure incident reported in the article is related to a cyberattack on the computer systems of a network of three hospitals in Brooklyn, New York. The hack affected "clinical applications," including those used for imaging and other critical services. Diagnostic imaging at one of the hospitals had to be sent out to a third-party provider rather than done in-house due to the hack [136937]. (b) actuator: The article does not mention any specific failure related to actuator errors. (c) processing_unit: The software failure incident was primarily related to the cyberattack on the computer systems of the hospitals, affecting clinical applications and critical services. The hack disrupted the processing unit of the hospitals' systems, leading to the need for paper charts and downtime procedures for patient care [136937]. (d) network_communication: The failure incident involved a cyberattack on the computer systems of the hospitals, impacting network communication and clinical applications. The hack disrupted the hospitals' ability to use computer workstations and electronic medical records, requiring staff to resort to paper charts and downtime procedures [136937]. (e) embedded_software: The article does not provide specific information about the failure being related to embedded software errors.
Communication connectivity_level The software failure incident reported in Article 136937 was related to the connectivity level of the cyber physical system. The incident involved a cyberattack on the computer systems of a network of three hospitals in Brooklyn, New York, which affected "clinical applications" used for critical services, including imaging [136937]. The hack disrupted the hospital's operations, leading to the need for diagnostic imaging to be outsourced to a third-party provider instead of being done in-house. The incident highlights the vulnerability of hospitals to cyberattacks and the disruptive impact on patient care and hospital staff [136937].
Application TRUE The software failure incident reported in Article 136937 was related to the application layer of the cyber physical system. The incident involved a cyberattack on the computer systems of a network of three hospitals in Brooklyn, New York, which affected "clinical applications" used for imaging and other critical services [136937]. The hack led to disruptions in diagnostic imaging at the medical center, forcing the hospitals to resort to sending imaging out to a third-party provider instead of conducting it in-house [136937]. This disruption in critical services and the need to resort to downtime procedures for patient care indicate that the failure was indeed related to the application layer of the cyber physical system.

Other Details

Category Option Rationale
Consequence delay, non-human, theoretical_consequence, other (a) death: People lost their lives due to the software failure - No information in the provided article suggests that people lost their lives due to the software failure incident. [136937] (b) harm: People were physically harmed due to the software failure - There is no mention of people being physically harmed due to the software failure incident. [136937] (c) basic: People's access to food or shelter was impacted because of the software failure - The article does not mention any impact on people's access to food or shelter due to the software failure incident. [136937] (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident resulted in disruptions to hospital operations, particularly affecting clinical applications like imaging services. Diagnostic imaging had to be outsourced, indicating an impact on hospital resources and operations. However, there is no specific mention of people's material goods, money, or data being directly impacted. [136937] (e) delay: People had to postpone an activity due to the software failure - The hospitals had to resort to using paper charts for weeks following the cyberattack, indicating a delay in normal operations and potentially affecting patient care efficiency. Diagnostic imaging had to be sent out to a third-party provider instead of being done in-house, suggesting a delay in this specific activity. [136937] (f) non-human: Non-human entities were impacted due to the software failure - The software failure incident primarily affected the computer systems and clinical applications of the hospitals, leading to disruptions in services and operations. Non-human entities like computer workstations and electronic medical records were impacted. [136937] (g) no_consequence: There were no real observed consequences of the software failure - The software failure incident had observable consequences on hospital operations, patient care procedures, and the need to resort to paper charts. Therefore, there were real observed consequences of the software failure. [136937] (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The article discusses the potential consequences of ransomware attacks on hospitals, including locking up computer systems until a ransom is paid. While the specific type of attack on One Brooklyn Health was not confirmed, the article mentions the possibility of ransomware attacks as a common threat to hospitals. However, it does not confirm that a ransom was paid in this case. [136937] (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - The article highlights the disruptive nature of recovering from cyberattacks on hospital systems, the need for cyber safety and resilience as a national priority, and the challenges faced by hospitals, especially those in rural or poor areas, in defending their networks from hackers. These broader consequences related to cybersecurity, resource limitations, and patient care disruptions are additional impacts of the software failure incident. [136937]
Domain health (a) The failed system in this incident was related to the healthcare industry. The network of three hospitals in Brooklyn, New York, had to resort to using paper charts for weeks following a cyberattack on their computer systems, affecting clinical applications used for imaging and other critical services [136937]. The incident disrupted hospital operations and required staff to send diagnostic imaging to a third-party provider instead of conducting it in-house [136937]. The hospitals had to implement downtime procedures to continue providing care for patients, indicating the critical role of the system in supporting healthcare services [136937].
