4 minute read
Resident Diary
Under Attack
Clare Quigley reports from the cyber trenches
And then there was the cyberattack. One Friday morning, I was walking down the basement corridor towards the locker room to drop off my cycling gear. Michelle, one of the clinical nurse managers, stopped me. It was all over the media, apparently: a cyberattack had struck, targeting the whole Health Service Executive—or HSE, the Irish public health service. I did not realise what this meant, but it rapidly became more apparent.
We could not turn on the computers. Over the last year or so, there had been a valiant effort to transition to an electronic medical record. We had gotten familiar with the software slowly. Clinics initially did not run so smoothly, of course, while we were getting used to navigating the program. Where should I fit in the central corneal thickness? How do I add a nice diagram? Some of the teams, including those I worked with recently in the anterior segment, were especially keen on the new system. They were early adopters to the electronic record software. “I hope we catch them, and And so, the usual thick brown the crimes we charge them charts were being phased out, to be replaced by slim chartlets with correspond somehow to and an electronic record. But what happens then, when the suffering caused.” we cannot turn on the computers? Patients arrived for clinic, for surgery, but we could not access any of their electronically stored data. Some of them we knew well from frequent visits. Some of them, not so well. Some of them knew their treatment, their drops, their history. Some of them, but not all of them.
“Can you tell me why you are here today?” I would ask. “Unfortunately, with the cyberattack, we do not have access to your electronic file. Can you tell me your background history?”
This got old pretty quickly. At the top of my (now paper) clinical note, I got in the habit of writing *cyberattack* just to highlight to everyone looking back over the file that the interaction had taken place without any access to the patient’s electronic record.
In the clinics, imaging was still possible, so we could get OCTs for our patients. But we could not turn on the computers. So, we trooped up and down the corridor, to and from the photography department, to look at images on the OCT machines. Additionally, during the few weeks of the cyberattack, we could not look at past scans. So, I would see a patient in clinic who had a vein occlusion, or wet AMD, and have only the snapshot of today’s visual acuity and OCT to base a decision on; continue injections, or what to do? “Is your vision better, worse, or the same?” I would ask. Patients were understanding of the situation. I made sure to continue to write *cyberattack* somewhere on my notes. There were personal costs too. I had been given a work laptop, that I liked and had become dependent on. Whenever there was a Zoom meeting or conference, I used it, as the microphone on my personal laptop was broken. Otherwise, my old laptop worked well, so I had not replaced it yet. But now we were told any work device had to be returned to the IT department for cleaning. So, I surrendered my potentially compromised HSE laptop and went out straightaway that weekend to buy a new laptop. I had to have a working microphone; important online exams, including the EBOD, were looming. The layers of disruption seemed without end. I heard about problems with getting paid. The finance department would not have access to our overtime hours. We usually clock in and out, and our on-call hours make a significant contribution to our pay cheques. The same for the nurses, who do on-call too. There was a decision to pay us an average salary, which seemed fair.
Then it started to affect my fellowship applications. At this early stage in the process of finding a fellowship, getting my credentials recognised is mandatory, a relatively convoluted process at the best of times. But now, when I contacted the hospitals that I worked in previously, the HR departments informed me they could not verify my work history there, as they had no access to their records. Several plaintive phone calls and letters ensued.
The non-clinical administrative challenges were immense. For a few weeks, we were all working on paper, transported back to the 1970s. Eventually, all devices were cleaned, and a new server arrived. We could turn on the computers again. Warily we got back to usual.
I wonder about the people who attacked our health service and the damage they caused. Delayed chemotherapy and surgery, more advanced cancers. Deaths. A decision to target us in the middle of a pandemic. I hope we catch them, and the crimes we charge them with correspond somehow to the suffering caused.
