Healthcare systems and laboratories must now proactively plan for cybercrime events. What was once considered a rare or “never event” has rapidly become a significant concern for the healthcare industry. According to Beckers Health IT, the incidence of cyberattacks on healthcare systems nearly doubled in 2024, rising from 46 to 86 reported incidents (Emisoft, 2024). Many prominent hospitals fell victim to ransomware attacks, which disrupted access to critical data systems. As the frequency of these attacks escalates, the healthcare sector is bracing for even more cybersecurity challenges in 2025.

Laboratories, which manage vast amounts of sensitive patient data—accounting for over 70% of a patient's medical record—are prime targets for cybercriminals. The Laboratory Information System (LIS) is a focal point of these threats, alongside the broader medical record infrastructure. A cyberattack on a healthcare organization can have far-reaching consequences, especially when it results in extended downtime for systems that directly support patient care. For instance, a healthcare system in Texas experienced a two-week outage in 2024 due to a ransomware attack (Beckers, 2024).

Given the critical role laboratories play in patient care, it is imperative for them to plan as though they could face extended periods without electronic systems—potentially weeks. Hopeful optimism alone is not enough. Laboratories must adopt a risk-aware strategy and integrate comprehensive downtime procedures into their long-term business continuity plans. Planning for the worst while hoping for the best is crucial for ensuring the resilience of laboratory operations during a cyber crisis.

Lab leadership, in collaboration with their IT and LIS teams, must develop multi-scenario responses to ensure continued operation in the event of prolonged downtime. While regulatory bodies like CAP, CLIA, and the Joint Commission require laboratories to have a downtime plan, most labs have only prepared for brief outages—rarely considering prolonged disruptions. Given that LIS systems are typically reliable with robust support structures in place, many labs have never experienced a complete system failure that halts all electronic processes. However, as cyberattacks become more sophisticated and pervasive, the need for comprehensive downtime preparedness has become more important when it can be for days and weeks.

By anticipating extended downtimes, laboratories can safeguard against the severe consequences of cybercrime and ensure that patient care continues without disruption, even in the face of extended system outages.

Understanding Cybersecurity Risks in Laboratories: Preparing for Cyber Crime

Cybercrime is an ever-present threat to organizations across various industries, and laboratories are no exception. Cyberattacks can take many forms, from phishing emails and malicious malware to sophisticated hacks targeting an organization's infrastructure, often resulting in ransom demands. These cyber events can have far-reaching consequences, potentially affecting one or more critical internal systems that laboratories rely on for daily operations.

For laboratories, it is crucial to plan and prepare for these types of disruptions to ensure the continuity of patient care. Understanding how a cyberattack might impact internal systems and operations is essential for a quick, effective response. In the face of a disaster, having a well-defined downtime response strategy is key to mitigating the effects of a system failure.

Mapping System Functionality: A Critical Component of Cybersecurity Planning

Laboratories must map out their system dependencies to understand the potential impact of a cyber event on patient care. Knowing which internal systems are critical to laboratory operations and which can be temporarily sidelined is vital. This map should not only outline the systems in use but also define how they interconnect and the data flow between them. Every team member, from laboratory technicians to senior management, should have a clear understanding of this map. A comprehensive, easy-to-understand system functionality guide should be available and accessible to ensure all personnel can respond appropriately during a crisis.

Performing a Cybersecurity Risk Assessment

To prepare for potential cyber incidents, laboratories should conduct a thorough risk assessment. This assessment should involve both laboratory staff and IT teams evaluating the risks posed by cybercrime and the potential consequences for patient care. While IT professionals are adept at identifying risks related to cybercrime, they may not fully grasp the real-world implications of a system’s failure—such as the loss of communication and functionality between systems. That's why it's crucial for both technical and operational teams to collaborate on disaster planning.

Risk Analysis Projects: Preparing Front-Line Staff for System Failures

Two key risk analysis projects should be conducted to ensure that frontline laboratory staff are well-equipped to handle the loss of critical systems and continue providing patient care:

System Diagram: Create a comprehensive diagram that illustrates how all laboratory systems are interconnected, highlighting data flow and dependencies. This will help staff understand how systems interact, and which ones are essential for daily operations.

System Descriptions and Response Protocols: Develop clear descriptions for each system that the lab relies on. For each critical system, outline the potential consequences of losing access and provide detailed response protocols for laboratory personnel to follow. This ensures that staff members know exactly how to maintain laboratory operations, even in the absence of key systems.

Creating an Equipment Inventory for Laboratory Downtime Preparedness

Laboratories rely heavily on specialized equipment for daily operations, from analytical instruments to printers and barcode scanners. These devices often operate as part of an interconnected system, making it essential for laboratory personnel to know how to manage them during downtime scenarios—especially when there is no internal internet connection to link to Laboratory Information Systems (LIS) or Electronic Medical Records (EMR) or operating internal intranet.

Performing a comprehensive equipment inventory is a critical step in preparing for potential disruptions. This inventory ensures that laboratories can continue operations efficiently even when system connectivity is lost, and it helps identify what is needed to operate equipment in offline mode.

Key Considerations for Equipment Inventory in Downtime Scenarios

In the event of a system outage, it's crucial to assess how each piece of equipment operates independently. Can instruments function without a connection to the LIS or EMR? For example, how can the lab identify and track samples if barcode scanning isn't possible? It’s essential to identify alternative methods for labeling and tracking samples when typical barcode and system integrations are unavailable.

An equipment inventory should answer these questions and help ensure that laboratory personnel can maintain essential operations even without access to digital systems.

1.    Phones/Communication

Many laboratory phones depend on internet connections, which can become inoperable during system outages. Various alternative methods can be utilized to ensure communication during downtime. However, organizations must carefully evaluate these methods, particularly regarding the handling of patient data. These options should primarily be restricted to operational discussions and must not be used to share patient information.

• Purchase Stand-Alone Phones: Invest in phones that operate independently of internet connections, such as those using approved cellular networks.

• Leverage Wi-Fi Direct: Utilize peer-to-peer communication through Wi-Fi Direct for localized communication.

• Hard-Wired Phones and Satellite Phones: Establish a backup system with hard-wired or satellite phones to ensure uninterrupted communication.

• Messaging Application: Utilize a messaging platform (e.g., WhatsApp) to enable fast and efficient communication with internal lab staff, key hospital coordinators, and leadership teams.

The key is identifying and implementing a secondary communication method to maintain connectivity when internal phone systems fail.

2. Stand-alone laptops to Generate Data

While individual instruments can generate results, specialized instrumentation and complex analyses often require additional resources:

• Consolidate Results: Use stand-alone laptops to gather and compile data from various instruments into unified patient reports.

• Manual Data Management: Be prepared to handle calculations and morphology results manually if needed. Ensure laptops are equipped with the necessary software and securely stored for emergencies.

3. Critical Supplies

A dependable stock of downtime supplies is essential to maintaining operations during system outages. Your inventory protocols should clearly identify the critical supplies required for such events. These may include backup thermometers, manual pipettes, paper, pens, and other essential items not typically used during normal operations. By proactively preparing for downtime scenarios, you can ensure seamless continuity and minimize disruptions.

Consider the recommendations:

• Stock Downtime Labels: Ensure an adequate supply of labels to cover an extended period of downtime. Train employees on their location and usage.

• Test Equipment Compatibility: Regularly test all instruments and equipment to confirm compatibility with downtime labels, especially when introducing new devices.

• Plan for Un-Barcoded Specimens: Establish workflows to handle specimens that cannot be barcoded if label supplies are exhausted.

• Additional Printers: Maintain backup printers to generate downtime labels in case the primary printer fails or demand increases.

• Supplier Relationships: Build relationships with suppliers who can provide emergency label stock quickly when needed.

4. Manual Orders and Result Requisitions

During a system outage, laboratories must be ready to process orders and report results manually:

• Hard Copy Requisitions: Use physical requisition forms to receive and document orders and results.

• Standardized Reporting Format: Ensure the availability of a clear, consistent reporting format, including up-to-date test information, reference ranges, and critical values.

• Employee Training: Train staff to manage manual processes effectively to maintain accuracy and consistency in reporting.

Preparing for downtime requires proactive planning and resource allocation. By addressing communication, data management, labeling, and manual processes, laboratories can ensure uninterrupted operations and maintain high standards of care during system outages.

Downtime Communication: Building a Resilient Plan for Critical Operations

In any downtime scenario, a well-structured and multi-faceted communication plan is essential for maintaining operations and ensuring patient care continuity. This plan must be robust enough to endure days or even weeks of disruption and should be seamlessly integrate with hospital IT continuity plans. Effective communication is the backbone of coordinated efforts, especially during full system failures when manual methods, such as paper-based communication, may become necessary.

Here are key considerations to include in your downtime communication strategy:

1. Develop an Organizational Cyber Event Communication Plan

Prepare a comprehensive communication framework that specifically addresses the unique challenges posed by cyber incidents. This plan should define clear protocols for information flow during an IT outage.

2. Maintain Updated Personnel Rosters

Ensure all personnel contact lists are current and include redundant methods of communication, such as personal cell phones, pagers, or other non-digital alternatives.

3. Establish Internal Communication Processes

Define and document communication methods within and between departments to facilitate seamless information transfer during shift changes and transitions.

4. Prevent Unauthorized Communication Channels

To maintain clarity and control, establish protocols that prevent individuals from creating unauthorized or ad-hoc communication tools. A standardized approach ensures consistency and accuracy

Supporting Staff During Extended Downtime

When downtime stretches beyond your typical backup plans, additional measures may be necessary to keep critical operations running smoothly:

• Leverage Standby Staff: Ensure departments, such as the lab, can call in backup personnel or redeploy employees from other areas of the hospital.

• Utilize Staff from Non-Operational Departments: Employees from departments that are fully down can serve as runners to transport specimens, results, and supplies between areas.

• Optimize Resource Allocation: Identify non-clinical staff who can temporarily support operational tasks, keeping communication current and accurate across all departments.

By planning for these contingencies, you can minimize disruptions and maintain essential services even during prolonged downtimes.

The Bottom Line

A well-prepared downtime communication plan is not just a safeguard, it’s a critical component of resilience for any healthcare organization. By addressing these considerations and fostering cross-departmental collaboration, you can ensure continuity of care and operational efficiency, even in the face of significant disruptions.

Fine-Tune Your Staff's Downtime Knowledge

Preparing your staff for downtime scenarios is critical to ensure smooth operations during unexpected disruptions. Regular reviews, hands-on training, and updates to reporting tools can make all the difference. Here are three essential steps to fine-tune your staff's downtime knowledge:

1.    Regularly Review Downtime Policies

Ensure your team is familiar with the most up-to-date policies, procedures, and known threats. Schedule periodic reviews to reinforce understanding and address changes, keeping everyone prepared for emerging challenges.

 2.    Conduct Routine Training Drills

Run regular training sessions that incorporate the use of downtime-specific equipment, such as manual labels and result and incident forms. Dry runs can help ensure that all equipment is operational, and that staff are comfortable with manual processes before a real downtime event occurs.

 3.    Keep Backup Equipment & Supplies Operational

Perform routine maintenance on backup equipment to ensure reliable performance during extended downtime events. Regularly verify that all printers, backup analytical instruments, and equipment are operational and ready for immediate use. Maintain sufficient inventories of essential supplies, such as labels, forms, thermometers, and other long-term analytical materials, to support uninterrupted operations.

 4.    Update Reporting Formats and Templates

Keep your downtime reporting tools current by incorporating the latest references, critical ranges, and procedural updates. Clear, accurate templates reduce errors and streamline communication during downtime scenarios.

By proactively refining your staff’s knowledge and readiness, you can minimize the impact of system failures and ensure continuity of care. Regular training and policy updates are key to maintaining confidence and efficiency in challenging situations.

Reference

Becker's Hospital Review. (2024, January 16). Health system ransomware attacks double in 24 months. Retrieved from https://www.beckershospitalreview.com/cybersecurity/health-system-ransomware-attacks-double-in-24.html