ESTRO 2024 - Abstract Book

S2922

Interdiscplinary - Other

ESTRO 2024

[5] Department of Business, Energy and Industrial Strategy 2022. https://www.gov.uk/government/publications/greenhouse-gas-reporting-conversion-factors-2022 [accessed 18 July 2023]

1680

Digital Poster

Cyberattack fallback scenario for a radiotherapy department

Eric Messens 1 , Piet Stevens 1 , Ali Dabach 1 , Koen Snijders 1 , Paul Meijnders 1 , Jan Vandecasteele 2 , Wim Duthoy 2 , Abdeljalil Arfala 3 , Michael Duchateau 4 , Dirk Verellen 1 1 GZA, Radiotherapy, Wilrijk, Belgium. 2 AZ St Lucas, Radiotherapy, Gent, Belgium. 3 Private, Private, Genk, Belgium. 4 MIM, Software, Genk, Belgium

Purpose/Objective:

Assuming prevention failed and a cyberattack has occurred, a fallback scenario has been developed and tested between two independent radiotherapy departments ensuring continuation of radiotherapy treatments. The proposed solution aims to create a business continuity plan in case the cyberattack disrupts the IT infrastructure, preventing the department from accessing any treatment or patient demographic data necessary to perform patient treatments. As in this scenario, the worst case is addressed (all systems are affected), the proposed workflow requires the collaboration of other radiotherapy departments in the vicinity. The goal is to ensure the continuity of treatments for all or at least for the most urgent patients and aims in the long term to create a platform for a regional network of neighboring departments.

Material/Methods:

All treatment and demographic data of patients in active treatment are sent to the cloud as part of the treatment plan finalization step in the workflow. Data exchange already includes automated export of all relevant treatment data via DICOM to different applications active during treatment (more specifically: Aria R&V (Varian), SunCHECK (Sun Nuclear / Mirion), Catalyst+ HD (C-Rad AB), and an additional export location to MIM Pacs - Cloud has been added for the fallback scenario. The cloud was chosen as there is no risk of propagating the infection from the local network and no extra hardware investment is required. MIM Cloud (MIM Software Inc.) was selected because it is a validated cloud service for medical data. Several physical locations (eg. EU, Ireland) depending on the local hospital patient data policies can be chosen. Once a patient has received the last treatment fraction all patient data will be removed from the cloud storage. The data can be shared in a safe and controlled way via a web interface with other hospitals, and access is managed by the local institution. Radiation oncologists will have to perform a triage of the patients under treatment based on the urgency of the pathology (especially, if the department facing the cyberattack is large). Ideally, patients will have to be distributed among multiple radiotherapy centers to keep the impact on the helping centers manageable. As a proof of concept, we tested the fallback procedure (including an end2end phantom simulation) between 2 departments with different planning systems (Eclipse and RayStation) using the RayStation fallback (mimic) planning to create new treatment plans for the treatment machines available in the collaborating institute. A complicating aspect of the proposed workflow is the collaboration between hospitals with different treatment planning systems, treatment machines and treatment accessories. In case the fallback plan (mimic) feature is not available the re-planning phase can be a bit more complicated, yet, not impossible.