The CIPHER Cube Models
Author: Dr Isabel Straw, as part of the H3RP Programme at UC San Diego
CIPHER was built to predict Cyberattack Impacts, Patient Harms and effective Emergency Response. The CIPHER models on this page draw from the datasets described on the homepage, consisting of the "Hospital Attacks" database (from academic literature) and the "Social Media Impacts" database drawn from Reddit data. In the models below these harms are displayed as patient safety incidents, occuring over time from the onset of the cyberattack, across the different clinical specialties and affected technical domanis. The CIPHER Cube Models introduce a new approach for modelling patient harms during healthcare cyberattacks, drawing on traditional population health modelling, combined with the latest insights on cyberattack-induced harms.
The interactive "Hospital at Ransom" cube below is a template model developed for our hospital context and published open-source alongside our databases. For these models to be effective for local hospital context, users will need to update the "At Risk Patient Groups" and "Impact Scores" for their local patient population and disease burden (See the GitHub Repository on the homepage).
The "Hospital at Ransom" Cube
The 3D visualisation maps document patient harms during hospital cyberattacks. These harms are drawn from two databases. First, our academic database which populates the "Hospital Attacks Database" accessible from the homepage, built from a systematic review of 1250 published research articles. Second, our patient harms database drawn from social media data and also referenced on the homepage. All of these patient harms can be visualised on the plot below, and can be adjusted to just include academically validated data, or all resources including the social media data. Each data point on the 3D visulisatoin represents a specific patient safety incident, which you can hover over for brief information, or click on for the full background and link to source reference:
- Spherical markers (●): Academic Data: Patient harms specific to a particular medical specialty, colour-coded according to the legend
- X markers (✕): Academic Data: Incidents that affect all medical specialties
- Diamond markers (♢): Social Media Data: Incidents reported online by staff and patients
Multi-Source Indicators: Data points with a red border indicate multiple source reports of the same incident type. Click on these for a comprehensive view of all related reports.
Interaction Guide: Hover over any point to see basic information about the incident. Click on a point to open a detailed information panel containing the incident description, time point, affected specialty, and reference information. Use the buttons below the graph for additional functionality, including filtering the model by clinical specialty and compressing to 2D graphs that model clinical impact over time (Hour 1 to day 28).
Customise View
Filter the cube to focus on specific specialties or technical domains most relevant to your hospital's context. This helps to understand how different areas of healthcare may be affected during a cyberattack.
Predict Specialty Impact
Use this function to compress the cube models to 2D time-series graphs (appearing below), which map the cumulative impact of all events at a specific time point (e.g. Hour 1), reflecting how patient impacts evolve over time. The impact scores embedded within these models were set by clinical researchers, who reviewed each patient harm and allocated an impact rating in terms of morbidity from 1 (minor) to 10 (critical, life-threatening).
Overall Clinical Impact
Generate a comprehensive visualization of the cumulative effects of a cyberattack across all hospital services over time. This provides an executive-level view of total organizational impact.