As staff in U.K. public hospitals draw breath after the unprecedented cyberattack that strangled many departments over the weekend, radiologists have begun the dual task of catching up on vital clinical work and communication and building safeguards to prevent further breaches of internet security.
"We were quite badly affected from an operational point of view, but only in radiology," Dr. Stephen Fenn, consultant radiologist and lead for IT at Hampshire Hospitals National Health Service (NHS) Foundation Trust, told AuntMinnieEurope.com. "On one of our main sites, three CT scanners, two MRIs, and all but one of the plain film (computed radiography/digital radiography) machines were taken down. We also had four PACS workstations affected across two sites."
The attack involving WannaCry ransomware became evident early on Friday afternoon, and the access route for the security breach presumably occurred via the N3 network (national broadband network for the NHS in England) rather than an internal PC, even though this remains unproven at this stage, he said.
"Initial efforts involved trying to isolate all modality hardware from the network so devices could keep functioning independently, with reporting and image viewing taking place on each modality console. But that actually proved impossible in some places due to the way the network connections had been designed," Fenn explained. "At the same time, IT shut down the N3 and general internet connections so as to limit further inbound attack."
This meant manually going through 3,000 firewall entries to determine what was safe to shut off, he said.
Modality service engineers arrived over the weekend and two CT scanners and one MR machine were working again by Monday morning, but one supplier could not be contacted over the weekend. In addition, the support contract had been subcontracted out and the hospital encountered difficulties contacting the subcontractor.
Fortunately the sites' PACS supplier is based very nearby, so they came out and reimaged all of the affected workstations straightaway, according to Fenn. Furthermore, McAfee released a patch for their security software at 2 a.m. on Saturday that was pushed out to all desktop PCs in the Hampshire hospital group, none of which had thus far been affected by the attacks.
"For our home reporting kit (owned by six of the 25 radiologists), I told them to turn the network off and then I logged in remotely to each one and installed the Windows patch and McAfee update," he noted. "We need a better solution than this going forward however."
Effect on patient care
The effect on patients was quite limited due in part to timing, with up to 200 scan appointments being cancelled over the weekend. The worst affected site had to close emergency trauma admissions because it had no CT scanner.
"Any in-patient CTs that were needed involved transferring the patient to the other site, although I think this only happened a couple of times all weekend," Fenn continued. "The two on-call radiologists were left to cover things onsite, as remote access from home was patchy to begin with."
Of more concern was the loss of connection to the outsourcing company, which normally reports all scans from 10 p.m. until 9 a.m. The on-call radiologists therefore had to cover the nights as well, which was hard work, he said. As of Monday afternoon, radiology services were running reasonably well across all sites, although some scanners were still being repaired.
Similar stories were heard elsewhere. A senior emergency doctor from Berkshire reported that the hospital's night CT reporting service refused to accept any images so it wouldn't get infected.
The Addenbrookes Hospital in Cambridge has not been affected at all, thanks largely to a massive IT upgrade carried out in November 2015, according to Dr. Fiona Gilbert, professor and head of radiology at the University of Cambridge.
"It was expensive at the time, but it will stand us in good stead," she noted.
No computer viruses have struck in Sunderland, northeast England, but everything was taken offline straight away as a precaution, explained Dr. Christiane Nyhsen, a consultant radiologist at the Sunderland Royal Hospital. No emails could be sent and received, so communication was difficult as a result, and general practitioners (GPs) had no access to the IT system to request a scan or review a case.
"We still cannot send anything out of the trust, so consultants are doing night shifts to report instead of outsourcing to external companies. This is manageable for a few days, but hopefully everything will be up and running again soon," she said.
Learning the lessons
One positive outcome of this incident appears to be renewed vigilance for, and increased awareness of, personal and professional web safety.
A senior U.K. radiologist told AuntMinnieEurope.com, "As a home user I have just purchased an external hard drive to back up all of my personal files, and this is definitely in response to the cyberattack. I do keep up to date with all the Windows 10 updates and I use Kaspersky virus protection, but I think the added security of external backup is sensible."
The whole episode underlines the need to install software updates and remove antiquated operating systems, said Dr. Christopher Clarke, a radiology fellow at Leeds Teaching Hospitals and founder and editor of the Radiology Cafe website. The big challenge, though, is that most clinical staff have little or no interest in IT issues.
"It's easy to think to yourself: Why care about the operating system we're using as long as it does the job?" he pointed out. "My cousin works as a GP in Yorkshire and she was hit quite badly by the cyberattack, but she said she didn't even know whether she used Apple or Windows, never mind about what operating system she had -- yet she's on the computer all the time!"
Fenn reckons there is a need to work with suppliers to ensure that critical security fixes from Microsoft are tested, approved, and installed more frequently than the historical annual service visit approach, with the same strategy applied to IT and the Windows desktops, which he believes will need updating much more frequently.
It's most important now to learn from "a partly dire situation" and focus on the key learning points: All of us tend to rely too much on email, and we should beware of outsourcing everything because if IT breaks down there won't be enough local resources to do the clinical work, according to Nyhsen.
"It will be interesting to see what changes this incident will bring. It is a wake-up call for all trusts who neglected to invest in a proper IT department and have old computers. Is Microsoft the best? I doubt it, because it's very vulnerable to attacks," she concluded. "The next attack will be worse, and there are many greedy hackers just waiting out there, I have no doubt."