To review Emergency Department internet connectivity, cyber risk factors, perception of risks and preparedness, security policies, training and mitigation strategies.

A validated targeted survey was sent to Canadian ED physicians and nurses between March 5, 2019 and April 28, 2019.

There were 349 responses, with physicians making up 84% of the respondents (59% urban teaching, 35% community teaching, 6% community non-teaching hospitals). All had multiple passwords, 93% had more than 1 user account, over 90% had to log repeatedly each workday, 52% had to change their passwords every 3 months, 75% had multiple methods of authentication and 53% reported using a terminal where someone else was already logged in. Passwords were used to review laboratory and radiology data, access medical records and manage patient flow. Majority of the respondents (51%) did not know if they worked with internet linked devices. Only 7% identified an ‘air gapped’ computer in their facility and 76% used personal devices for patient care, with less than a third of those allowing the IT department to review their device. A total of 26 respondents received no cyber security training.

This paper revealed significant computer-human interface dysfunctionality and readiness gaps in the event of an IT failure. These stemmed from poor system design, poor planning and lack of training. The paper identified areas with technical or training solutions and suggested mitigation strategies.