Abstract
Cyberattacks targeting healthcare institutions are continuing to increase. In today’s world with everything connected to the Internet, cyberattacks pose a significant threat that can severely impact societal functions.
On October 31, 2022, the Osaka General Medical Center suffered a cyberattack involving ransomware, resulting in a major failure of its electronic medical record system. This study aimed to identify the challenges and future countermeasures for system failures in dental care for persons with disabilities, from the perspective of an Information Technology-Business Continuity Plan (IT-BCP) that assumes such cyberattacks. We present a chronological account of our department’s situation during the system outage and compare the weekly number of outpatient visits with the same period in the previous year.
Due to the cyberattack, all systems connected to the electronic medical record system were rendered inoperative, forcing an initial suspension of all outpatient services and scheduled surgeries. However, by implementing alternative measures such as using paper-based medical records and requesting patients to fill out medical questionnaires again, we were able to gradually resume medical services while ensuring safety.
As a result of the system failure, the number of patients initially dropped to 29% compared to the same period in the previous year. However, in the week following the restoration of the electronic medical record viewing system, patient volume recovered to 98%, and upon full restoration of the medical system, it exceeded the previous year’s level, reaching 109%.
This incident revealed that the BCP prepared in advance by the center was insufficient for responding effectively. Going forward, it is essential to develop a robust business continuity plan for cybersecurity, just as we do for natural disasters, applying the lessons learned from this experience.
