CIPHER Platform

The CIPHER Cube Models

CIPHER was built to model Cyberattack Impacts, Patient Harms and effective Emergency Response during IT downtime at healthcare organisations. To do this, our research collected examples of patient harms occurring during healthcare cyberattacks from diverse data sources, to form one combined 'CIPHER database'. The CIPHER models on this page draw from our two key datasets: (1) The "Hospital Attacks" dataset (a systematic review of global papers reporting healthcare cyberattacks), and (2) The "Patient Harms" dataset (extracted through data mining social media posts). From these two sources we created the full CIPHER dataset, available in the data folder in the GitHub Repo, which provides over 300 patient-level harms reported to have occurred following a healthcare cyberattack.

Below you will find the interactive "Hospital at Ransom" cube, which is a demo model built from the CIPHER database, developed for a hypothetical hospital context. For these models to be effective in a local hospital context, users would need to update the underlying data to reflect the likely clinical impact in their own hospitals. For instance, we have assigned 'Clinical Impact' scores to each patient safety incident in the CIPHER dataset, based on the likely effect in our hypothetical hospital (e.g. this hospital has a heavy reliance on e-Prescribing in the ER, thus loss of digital drug release would have a high degree of impact). By downloading the underlying datasets and contextualising impact for local circumstances, users can utilise the database of cyberattack-induced patient safety incidents and tailor the model to their environment.

The demo model provides an approach for minimising clinical surprise during hospital cyberattacks, by predicting potential adverse events from hour 1 of the cyberattack to day 28. Users can filter the model to examine harms relevant to specific technical domains (e.g. safety incidents related to loss of the laboratory systems) or specific clinical areas (e.g. harms likely to occur on paediatrics wards). The full models on the project website can also be manipulated to plot the 'Clinical Impact' scores on the Y axis, thus providing time-series predictions of potential clinical harm over time (from 24 hours to Day 28). By showcasing these diverse events, assigning clinical impact scores and identifying the at-risk patient groups and necessary medical interventions, these models can be used to enhance cyberattack incident response processes to protect patient care.

Click on each data point below to view an information pane detailing the safety incident, with links to the underlying source material.

The "Hospital At Ransom" Cube

The 3D visualisation maps documented patient harms during hospital cyberattacks. Each data point on the 3D visualisation represents a specific patient safety incident. Hover over a data point for brief information, or click on it for the full details and background sources.

● Circles: Academic (specialty-specific)   • ✕ X: Affects all specialties   • ♦ Diamonds: Social media reports

How to use

Rotate, pan, zoom. Hover for details. Click a point for a full source panel; multi-source items provide next/previous navigation.

What’s plotted

Domain (X) · Time Point (Y) · Specialty (Z). Markers are sized by reported Clinical Impact Score and jittered to reduce overlap.

Data sources

Peer-reviewed literature and staff/patient reports from social platforms. Interpretation is for situational awareness, not clinical guidance.