J. F. Narvaez1, J. Zhao1, J. Pugh2, W. Guo1 1University at Buffalo,Department Of Surgery,Buffalo, NY, USA 2University at Buffalo,Department Of Emergency Medicine,Buffalo, NY, USA
Introduction: On April 9, 2017, Erie County Medical Center, Western New York’s sole level I trauma center was under cyberattack. The perpetrators utilized ransomware that gained access to the hospital’s web server and encrypted hospital data, forcing a system-wide downtime for nearly 2 months. Electronic medical records, imaging, and interdepartmental communication were severely affected, forcing the hospital to temporarily return to pre-EMR era operations. We examined the impact of this cyber disaster on the outcomes of trauma care.
Methods: Hospital trauma registry data and operating room case logs from April 9th through June 9th, 2017 were examined and compared to the previous year. Baseline characteristics were examined using the chi-square test for categorical variables and the Student’s t-test for continuous variables that were normally distributed.
Results: There were 427 trauma admissions with patients aged 50.91 ± 22.4 from April 9th – June 9th, 2017 (n=417, aged 50.57 ± 21.95 during the same period in 2016). Blunt to penetrating ratio was 8:1 in both years. The mean injury severity score was 10.33 ± 8.33 in 2017 vs 9.86 ± 6.52 in 2016, and revised trauma score was 7.40 ± 1.32 vs 7.56 ± 0.92. There were 504 trauma/acute care operations in 2017 compared to 565 in 2016. Mean ICU length of stay (LOS) was 5.08 ± 4.59 days and hospital LOS was 6.95 ± 6.63 days in 2017 vs 4.79 ± 4.45 and 6.65 ± 7.34 days, respectively, in 2016. The in-hospital mortality was 4.92% in 2017 compared to 2.9% in 2016. Of these discharges in 2017, 34.3% went to a rehabilitation facility, 64.4% were discharged home and 0.5% were transferred to a different hospital, compared with 37.2%, 60.6% and 0.7%, respectively, in 2016. There were no statistically significant differences in all reported covariates.
Conclusion: Our results suggest that trauma patient outcomes have remained optimal despite the temporary loss of electronic health records and computer functionality. This is likely due to operational back-ups in place, increased communication between providers and staff, prioritization of patient care over documentation/ electronic tasks, and increased resilience of surgical care providers. With cyber security threats increasing in healthcare, proper preparedness should be included at different levels in hospital operations. It is important to have policies, processes, and procedures in place for the hospital administration, information technology department, and clinical staff in order to continue to provide optimal care during such downtimes of unprecedented scale.
