An Implementation of RT Emergency Preparedness System Based on a Minimal Disaster Recovery Solution
Abstract
Purpose
Ransomware keeps being a major threat to health care IT facilities including radiotherapy (RT). Such attacks may cause prolonged loss of access to the whole RT environment. To minimize the clinical impacts, we present here our implementation of an Emergency Preparedness System for Varian based sites.
Methods
This implementation contains two independent modules: data retrieval and offline treatment. Patients having RT plans ready for treatment are obtained through SQL DB query from the data retrieval module. Necessary information for uniquely identifying and contacting those patients, together with treatment schedules and other notes, are acquired too. DICOM RP/RS/CT/RI are retrieved through DICOM communication. The above are scheduled to run automatically and routinely. Once done, it disables the network interface and fully isolates itself. The offline treatment module is based on a minimal Disaster Recovery (DR) setup. We build this virtualized mini-DR site with duplications of the Active Directory server, Varian Service Platform, VA_TRANSFER sharing, and Aria DB server. Also included in this environment is a firewall router which configures the VLANs for Linacs and Varian servers, together with routing between VLANs. During emergency, this portable system is powered on and connected directly to Linacs. DICOM files for treatment are loaded to VA_TRANSFER to continue treatment in file mode, until the clinical system is back online.
Results
We implemented a RT Emergency Preparedness System which performs: (1) routine data retrieval for patients ready for treatment and (2) offline file mode treatment during emergency.
Conclusion
The air-gapped data retrieval module guarantees we have the latest copy of patient data, and the offline treatment module provides a minimal DR solution for treatment continuity during emergency. Together with departmental emergency policies, it is expected to help minimize unfavorable clinical impacts even if the whole RT platform is unavailable for a prolonged time.