Cyber attacks may start online, but their effects can be tangible, serious, and long-lasting. When a cyber attack on hospitals occurs, everyone from patients in need of critical care to hospital board members can suffer the consequences.

Often, it’s nurses who bear the brunt of hospital cyber attacks. Not only do routine tasks (e.g. giving patients the correct medications) become a struggle, but supporting physicians, surgeons, patients’ families, and each other can become unprecedentedly challenging.

Few hospital personnel are trained in how to handle a cyber attack on hospital grounds, both in the moment and as their damages come to light. With a protocol in place for responding to a cyber attack as a travel nurse, you’ll be better equipped (and calmer under pressure) to handle one if it arises.

The Basics of Hospital Cyber Attacks

If you’ve had an eye on the news, you may be aware that hospitals have recently been targeted in a spate of cyber attacks. In 2023 alone, 46 hospital systems involving 141 healthcare facilities, experienced the effect of a major cyber attack. 

These hospital cyber attacks may come as no surprise: major healthcare facilities and medical insurance companies are financial heavy-hitters, making them a prime target for ransomware attacks specifically. But when a cyberattack occurs in a hospital or healthcare setting, it can be especially dangerous, impacting not only the physical health of patients, but also the financial, professional, and overall well-being of staff.

Cyber attacks can pose a danger to countless hospital functions, including but certainly not limited to:

  • Patient safety – From delaying emergency surgeries to preventing care providers from accessing vital electronic health records (EHRs), cyber attacks can have countless consequences for patients’ health and safety. 
  • Data security – Today, most sensitive information—whether medical records or financial information—is stored electronically. When a cyber attack occurs, all records and data stored digitally could be subject to theft, tampering, disabling, or destruction by the attackers.
  • Medical technology and devices – Some breaches can also interfere with devices used to treat patients. If these technologies are life-sustaining, the attack could have critical implications for the patients who depend on them.
  • Day-to-day operations – Cyber attacks can be extremely disruptive to day-to-day healthcare operations. EHRs, healthcare technologies, and in-hospital communications networks may all be compromised during a cyber attack. Not to mention, operational disruptions, costs, and security breaches can significantly damage a facility’s reputation.
  • Hospital finances – Like any other business, hospitals can take a significant financial hit when faced with a cyber attack. Repairing the attack can be extremely costly, and expenses can escalate with legal action and (if applicable) data security non-compliance fines. Downstream from these expenses, facilities may struggle to meet their bottom lines, which may even result in layoffs for hospital staff.

Signs of a Cybersecurity Breach: What to Look For

Understanding the signs of a potential cyber security breach can be your first line of defense against damages. Possible indications an attack is underway include:

  • Sluggish systems or frequent system crashes
  • Unusual activity, like sudden spikes in network traffic
  • Data lockouts
  • Demands for ransom
  • Phishing attempts
  • Unauthorized software installations

If you notice an unknown software installation, this could also be a sign of a cyber attack. In this case, it’s crucial to notify a manager or supervisor as quickly as possible.

7 Tips for Responding to a Cybersecurity Incident As a Travel Nurse

In the event of a hospital cyber attack, one of the best strategies is establishing an interim communication system. While networks are down, you and your colleagues will likely need to coordinate the use of cell phones, landlines, or hand-written documentation to maintain care and communicate clearly.

Additionally, the following recommendations can help you stay organized—and calm—under pressure, while the appointed response team deals with the effects of the attack.

#1 Maintain Patient Information Sheets (“Nurse Brain”)

One of the easiest ways to curb potential damages during a cyber attack is to act preemptively, analog-style: Keep a separate, hand-written sheet of paper for each patient containing vital information such as:

  • Patient identifiers (name, date of birth, medical record number)
  • Allergies
  • DPOA name
  • Contact information
  • Code status
  • Important medications
  • Most recent vitals
  • Relevant lab work
  • Primary care provider
  • Phone number and family contact information
  • Plan of care 
  • Nursing notes

An analog version of each patient’s pertinent information helps ensure you’ll have critical data readily available, especially during planned downtime or cyber attacks. 

Whatever you call them, “patient report sheets”, “kardex”, or even “nurse brains” can be highly effective tools during times of crisis. These paper documents serve as a failsafe containing all of the most vital information you may need about your patients. 

#2 Team Up with Your Coworkers

Not everyone is familiar with paper charting, especially younger colleagues who may have grown up in the digital age. As best you can, offer assistance and gentle reminders as necessary to maintain a supportive team environment during the attack.

For example, newer resident doctors have likely never had to write orders by hand. They may need reminders on these key elements required for a prescription medication order:

  • Date
  • Patient’s name, medical record number, and date of birth
  • Clinician name, address, DEA number
  • Name of medication 
  • Strength, form, and dosage of medication
  • Instructions for use (including holding parameters if applicable)
  • The prescribing physician’s signature

#3 Provide Extra Care and Reassurance to Patients

During times of disruption, patients and their families will require (and likely ask for) additional attention and reassurance. Whenever possible, try to avoid in-depth conversations about the cyber-attack itself. 

It’s also best to remind them that they’re still a priority despite the challenging circumstances.

#4 Be Sure to Document the Crisis Situation

In the event of an attack, it’s important to note the circumstances to give context to any patient charts and notes you take. So, try to get in the habit of noting that the patient chart was done in a crisis situation of a cyber-attack. 

Providing context for your documentation may be valuable if:

  • Future legal proceedings occur as a result of the cyber attack
  • Any errors or discrepancies crop up in ongoing patient data

It bears mentioning that it’s crucial to adhere to hospital policy on this issue. Your employer may have specific requests on what should be documented in the event of a crisis.

#5 Focus on Basics and Prioritize Care

During stressful situations, it’s a good idea to rely on the most foundational nursing principles. When in doubt, remember the ABCs:

  • Airway
  • Breathing
  • Circulation

Until the attack is resolved, aim to triage patients based on acuteness and prioritize your care protocol accordingly. In this case, you can use the classic SBAR acronym:

  • Situation
  • Background
  • Assessment
  • Recommendation

If you need to streamline documentation while systems are down, it can help to focus on significant changes or deviations from the norm, rather than exhaustive details. This will help save you and your colleagues time while ensuring important information is documented efficiently.

#6 Take Advantage of Downtime

No matter how heightened things can feel in a crisis, you’re likely to find yourself in a “wait state” at some point during the attack. During this time, you can: 

  • Familiarize yourself with hospital policy – Your hospital likely has downtime procedures, so make sure you’re familiar with them. It’s also important to know where to access printed patient information in the event of system outages. Do your best to be patient—there are bound to be a plethora of moving parts as leadership works through the process of retrieving and organizing data manually.
  • Connect with patients – Use downtime as an opportunity to sit with patients and connect on a deeper level. Though much of modern care work depends on computers, devices can often distract nurses and other staff from providing sincere bedside manner and individualized care. In other words, one silver lining of an attack might be restoring the human-to-human bonds care work is meant to enhance—even during the most challenging of situations. 
  • Exercise gratitude and remember your purpose – Gratitude can be one of the most reliable antidotes, even in the darkest moments. Try to focus on your overarching mission as an RN: to provide exceptional, compassionate care to people in need. Often, you can extend this commitment even beyond your circle of patients, strengthening relationships with colleagues as well.

#7 Focus on What’s in Your Control

The fact of the matter is, in any crisis—a cyber attack, a natural disaster, or some other hardship—most factors are out of your hands. If you can, try to save mental, emotional, and physical energy by focusing on what is within your control: your relationship with your patients and colleagues.

Gain Supporters You Can Trust at Host Healthcare

There’s no question that for hospitals, cyber attacks can have serious consequences. As a travel nurse, you’re on the front lines of that battle. To navigate everything from acute crises to the next big step in your career, you’ll want a nursing agency partner who can answer questions both large and small.

Host Healthcare recruiters are passionate about caring for those who care for others. By joining our network, you’ll receive 24/7 support, as well as exclusive access to thousands of jobs in all 50 states, day-1 medical, dental, and vision benefits, housing assistance, and more.

Our recruiters want to listen to your personal career goals and empower you to build the life that you deserve. Start the process by applying to Host Healthcare today.

 

Sources: 

Abelson, Reed. “Fallout from Cyberattack at Ascension Hospitals Persists, Causing Delays in Patient Care.” The New York Times, The New York Times, 23 May 2024, www.nytimes.com/2024/05/23/health/cyberattack-ascension-hospitals-patient-data.html. Accessed 23 June 2024. 

Lyngaas, Sean. “Damaging Hacks Expose the Weak Underbelly of America’s Health Care System | CNN Business.” CNN, Cable News Network, 16 May 2024, edition.cnn.com/2024/05/16/tech/damaging-hacks-expose-the-weak-underbelly-of-americas-health-care-system/index.html. Accessed 23 June 2024. 

“What Is a Cyberattack?” IBM, 15 Aug. 2021, www.ibm.com/topics/cyber-attack. Accessed 23 June 2024. 

“Common Signs of a Cyber-Attack or Data Breaches.” Ministry of Health, www.moh.gov.sg/licensing-and-regulation/cybersecurity-for-healthcare-providers/common-signs-of-a-cyber-attack#:~:text=Usual%20files%2C%20applications%2C%20or%20services,been%20changed%20without%20your%20involvement. Accessed 23 June 2024. 

“What Is a Nursing Brain Sheet?” Nurse.Org, nurse.org/education/nursing-report-brain-sheet/. Accessed 23 June 2024. 

Kenny, Brian J. “Pharmacy Prescription Requirements.” StatPearls [Internet]., U.S. National Library of Medicine, 9 Jan. 2024, www.ncbi.nlm.nih.gov/books/NBK538424/. Accessed 23 June 2024.