Affordable Access

Publisher Website

Cybersecurity Challenges and the Academic Health Center: An Interactive Tabletop Simulation for Executives.

  • Maggio, Lauren A1
  • Dameff, Christian2
  • Kanter, Steven L3
  • Woods, Beau4
  • Tully, Jeffrey5
  • 1 L.A. Maggio is programs scholar, Association of Academic Health Centers, Washington, DC, and professor of medicine, Uniformed Services University of the Health Sciences, Bethesda, Maryland.
  • 2 C. Dameff is assistant professor of emergency medicine, biomedical informatics and computer science, University of California, San Diego, La Jolla, California.
  • 3 S.L. Kanter is president and CEO, Association of Academic Health Centers, Washington, DC.
  • 4 B. Woods is a cyber safety innovation fellow, Atlantic Council, and leader, I Am the Cavalry, Washington, DC.
  • 5 J. Tully is assistant professor of anesthesiology and pain medicine, University of California, Davis, Medical Center, Sacramento, California.
Published Article
Academic medicine : journal of the Association of American Medical Colleges
Publication Date
Jun 01, 2021
DOI: 10.1097/ACM.0000000000003859
PMID: 33239532


Academic health centers (AHCs) face cybersecurity vulnerabilities that have potential costs to an institution's finances, reputation, and ability to deliver care. Yet many AHC executives may not have sufficient knowledge of the potential impact of cyberattacks on institutional missions such as clinical care, research, and education. Improved cybersecurity awareness and education are areas of opportunity for many AHCs. The authors developed and facilitated a tabletop cybersecurity simulation at an international conference for AHC leaders in September 2019 to raise awareness of cybersecurity issues and threats and to provide a forum for discussions of concerns specific to CEOs and C-suite-level executives. The 3.5-hour interactive simulation used an evolving, 3-phase case study describing a hypothetical cyberattack on an AHC with a ransomware demand. The approximately 70 participants, from AHCs spanning 25 states and 11 countries, worked in teams and discussed how they would react if they held roles similar to their real-life positions. The authors provide the full scenario as a resource. The exercise was well received by the participants. In the postsession debrief, many participants noted that cybersecurity preparedness had not received the level of institutional attention given to threats such as epidemics or natural disasters. Significant variance in teams' courses of action during the simulation highlighted a lack of consensus with regard to foundational decisions. Participants identified this as an area that could be remedied by the development of guidelines or protocols. As health care cybersecurity challenges persist or grow in magnitude, AHCs will have increased opportunities to lead in the development of best practices for preparedness and response. AHCs are well positioned to work with clinicians, security professionals, regulators, law enforcement, and other stakeholders to develop tools and protocols to improve health care cybersecurity and better protect patients. Copyright © 2020 by the Association of American Medical Colleges.

Report this publication


Seen <100 times