*Result*: ESTRO framework for radiation oncology departments to mitigate against cyberattacks.
Original Publication: Amsterdam : Elsevier Science Publishers, c1983-
*Further Information*
Introduction: The healthcare sector, particularly radiation oncology departments, is facing an increasing threat of cyberattacks that compromise patient data, disrupt clinical workflows and endanger patient safety. These attacks highlight a critical lack of preparedness and the need for a structured approach to cybersecurity resilience. While other industries have comprehensive mitigation measures in place, specific guidance for radiotherapy is lacking. This paper aims to present practical and comprehensive recommendations for mitigating cyberattacks and minimising their direct impact on patient care in radiation therapy.

Methodology: Preparing this report involved three phases. First, the authors adapted existing international frameworks, such as the NIST CSF, to the specific needs of radiation oncology, resulting in a six-step framework: Preparation, Prevention, Detection, Response, Recovery, and Debriefing and Continuous Improvement. Second, a systematic literature review was conducted using keywords related to cyberattacks in healthcare and radiotherapy. Third, the information extracted from the literature was aggregated and summarised into specific action measures, with final consensus being reached by the entire group based on their collective expertise.

Results: The literature review yielded 133 relevant articles, which were then aggregated and formulated into 190 specific action measures in total. These were assigned to the six steps (43 for preparation, 28 for prevention, 14 for detection, 50 for response, 22 for recovery, 24 for debriefing and continuous improvement, and nine additional steps), enabling departments to be guided through the entire lifecycle of a cyberattack.

Step 1, Preparation: This proactive phase of planning for potential cyberattacks involves a thorough risk assessment and identification of all systems, tools and processes. A key component is the development of a detailed business continuity plan (BCP), which must include procedures for the offline treatment or referral of patients, communication and patient prioritisation. The plan should also define the roles and responsibilities of an interdisciplinary incident response team.

Step 2, Prevention: This step focuses on implementing proactive security measures to prevent attacks. This includes user training to raise awareness, regular system updates, and general protective measures.

Step 3, Detection: This step involves identifying suspicious activities within systems and networks. It emphasises the use of security tools for real-time monitoring and the establishment of clear communication processes to enable prompt reporting of, and response to, potential threats.

Step 4, Response: This is the central phase of a cyberattack, focusing on executing the BCP to ensure continuity of patient treatment as quickly as possible. This includes isolating affected systems and implementing continuity-of-treatment procedures, which may involve using analogue workflows or transferring patients to other hospitals.

Step 5, Recovery: This step begins in parallel with step 4 and involves restoring data and systems from backups or rebuilding them from scratch. It is particularly important to carefully check the restoration and merging of data to avoid incorrect documentation or erroneous treatment.

Step 6, Debriefing and continuous improvement: This post-incident step ensures that lessons learned are fed back into the preparation process. It involves a thorough analysis of what went right and wrong, leading to the adaptation of the BCP.

Conclusion: This framework aims to help departments create their own local protocols. Implementation of the framework will vary significantly between departments, and preparing for an attack should be a high priority. Preparedness is not the sole responsibility of the RO staff or of the IT department; it requires comprehensive cooperation between IT specialists, clinical staff and system providers. Since the next cyberattack is not a question of 'if' but 'when', healthcare providers must have a protocol in place that can be quickly implemented to prioritise patient well-being and safety.

(Copyright © 2025 The Authors. Published by Elsevier B.V. All rights reserved.)
*Declaration of competing interest The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.*