Considering the increasing frequency of cyberattacks affecting multiple hospitals simultaneously, improving resilience at a network level is essential. Various countermeasures exist to improve resilience against cyberattacks, such as deploying controls that strengthen IT infrastructures to limit the impact of attacks, or enabling resource sharing, patient transfers and backup capacities to maintain hospital services in response to realized attacks. However, determining the most cost-effective combination among this wide range of countermeasures is a complex challenge, further intensified by constrained budgets and competing priorities between maintaining efficient daily hospital operations and investing in disaster preparedness. To address these challenges, we propose a defender-attacker-defender optimization model that supports decision-makers in identifying effective strategies for improving the resilience of a network of hospitals against cyberattacks. The model explicitly captures the interdependence between hospital services and their supporting IT infrastructures. As a result, cyberattacks can be directly translated into reductions of service capacities, which allows proactive and reactive strategies on both the operational and technical sides to be assessed within a single framework. Further, time-dependent resilience measures are incorporated as design objectives to account for the mid- to long-term consequences of cyberattacks. The model is validated on the German hospital network; the results suggest that enabling cooperation with backup capacities, particularly in urban areas, and strengthening IT infrastructures across all hospitals are crucial strategies.