搜索结果：breach

Healthcare data breaches have increased in both frequency and severity, yet limited empirical evidence exists on the factors associated with large-scale breach events. To address this gap, this study analyzed breaches reported to the US Department of Health and Human Services Office of Civil Rights between 2010 and 2025 to determine predictors of large breaches. A total of 7327 breach reports from the Office for Civil Rights were analyzed. Logistic regression assessed predictors of high‑severity incidents (≥ 100,000 individuals affected). Differences in breach size between incident types were assessed using Wilcoxon rank‑sum tests. Negative binomial regression modelled factors associated with breach magnitude and temporal trends in Hacking/IT classifications over time, adjusting for covariates. Breach sizes were highly right-skewed; the median breach affected 3892 individuals (IQR: 1255-19,471), and roughly 10% of the incidents accounted for the majority of individuals affected. Hacking/IT events were associated with severe breaches (OR = 2.6) and increased from 4% in 2010 to 80% in 2025. Network server incidents resulted in significantly larger breaches than device theft events. Business associate involvement was independently associated with a larger breach magnitude (IRR = 2.0). Hacking/IT mechanisms, network server involvement, and business associate participation were the strongest factors associated with breach severity and magnitude. These findings highlight persistent vulnerabilities in healthcare organizations and reinforce the need for targeted cybersecurity strategies. Over the past 15 years, healthcare organizations have experienced a steady rise in data breaches, many of which expose large amounts of patient information. Our analysis reviewed more than 7300 reported incidents to identify the factors linked with the most extensive breaches. Cyberattacks involving hacking were most frequently associated with large‑scale events, particularly when attackers accessed network servers. Breaches that involved business associates, such as external vendors, also tended to affect more individuals. Hacking became increasingly common over time and now represents the majority of breaches. These results highlight critical weaknesses in healthcare systems and emphasize the need for stronger security practices and tighter oversight of third‑party partners.

Study DesignProspective single-arm cohort study.ObjectivesCervical pedicle screws (CPS) offer superior biomechanical stability compared with lateral mass screws. However, their widespread adoption is constrained by narrow pedicle safety margins and the potential risk of neurovascular injury. This study aimed to describe the rationale of a novel triad-dependent technique (TDT) for subaxial CPS placement and to evaluate its accuracy and safety.MethodsBetween May 2023 and April 2025, 63 consecutive patients undergoing posterior subaxial (C3-C6) cervical instrumentation at our institution were screened for eligibility. CPS were inserted using the TDT, which integrates individualized morphometric preoperative planning, intraoperative fluoroscopic guidance, and continuous tactile monitoring via mini-laminotomy. Postoperative CT was used to assess screw accuracy using the 2-mm breach classification. Multinomial logistic regression was performed to identify risk factors for breach.ResultsA total of 204 CPS were inserted in 41 patients. No breach was observed in 174 screws (85.3%), while 30 screws (14.7%) demonstrated breach, including 18 medial and 12 lateral violations. No neurovascular complications were observed in this cohort. Pedicle diameter <4&#xa0;mm significantly increased the risk of both medial and lateral breach, while medial wall thickness showed direction-specific effects on breach risk.ConclusionsThe TDT demonstrates the feasibility of accurate and safe subaxial CPS placement. By integrating individualized morphometric planning with fluoroscopic and tactile safeguards, TDT effectively mitigates both medial and lateral breach risks and may expand the safe application of CPS fixation.

IntroductionLateral mass screws are widely used in the sub-axial cervical spine but have poor pullout strength and result in a screw tulip that is medial, which limits both rod passage to nearby pedicle screws and the ability to centrally decompress the canal after screw placement. True pedicle screws have the highest pullout strength, but carry neurovascular risk. The cervical pedicle inlet (CPI) trajectory is a novel technique that involves a lateral starting point similar to a true pedicle screw, but the tip of the screw stops in the dense bone at the pedicle inlet, thus limiting neurovascular risk. Prior biomechanical studies have demonstrated increased pullout strength relative to lateral mass (LM) screws, but no clinical series have been published. The purpose of this study is to provide a preliminary clinical report on the radiographic and safety profile of this novel screw trajectory.MethodsWe retrospectively reviewed 388 screws placed from C3-7 from 64 consecutive cases of cervico-thoracic fusion from a single surgeon at a single center. All patients were &#x2265;18 years and underwent posterior cervico-thoracic fusion with navigated CPI screw placement in the sub-axial cervical spine between 2020 and 2025. Intra-operative CT scans were available on all patients and were used to classify breaches with a modified Gertzbein-Robbins scale. Screws that were completely in bone were graded as "0," those with a 1-2&#xa0;mm breach were graded as "1," and screws with > 2&#xa0;mm breach and that were removed or repositioned intra-operatively were graded as "2."ResultsA total of 388 screws were placed. (292 CPI, 47 LM, 49 pedicle). For the CPI screws, 79% (232/292) were grade 0 (completely in bone), 18% (54/292) were grade 1 (1-2&#xa0;mm breach), and 2% (6/292) were grade 2 (removed or repositioned intra-operatively). For the LM screws, 72% (34/47) were grade 0, 28% (13/47) were grade 1, and 0% (0/47) were grade 2. For pedicle screws, 61% (30/49) were grade 0, 29% (14/49) were grade 1, and 10% (5/49) were grade 2. CPI screws were more likely than LM or pedicle screws to be grade 0 (P < 0.01). Ten patients experienced some type of early post-operative complication, including delayed C5 palsy (6%, n = 4), superficial infection (3% n = 2), dysphagia (3%, n = 2), or other (3%, n = 2). There were no cases of return to OR for screw malposition or neurovascular injury related to screw placement, and no cases of CPI screw pullout or loosening within 6 months of surgery.ConclusionThe use of navigation allows for safe screw placement along the CPI trajectory, with no recorded screw related complications. For patients with cervical pedicles that are too small to accept a true pedicle screw, the CPI trajectory is a reasonable alternative.

Outbreak investigations of two carbapenemase-producing bacteria (CPB)-clusters identified a link to utility room wastewater drains (URWD), prompting an investigation into CPB-colonization of the hospital's URWD and into utility room management to identify possible breaches in infection prevention and control (IPC) measures. At the University Hospital Basel, Switzerland, a cluster of four patients with VIM-1-producing Enterobacter hormaechei and two patients with KPC-3-producing Citrobacter freundii, occurred between 07/2022 - 07/2024. A multidisciplinary team (IPC specialists, nurses, cleaning experts) evaluated utility room management. Wastewater drains in affected patient rooms and 25 utility rooms of the hospital building (including two wards in which the two transmission-cluster occurred) affected by the clusters were screened for CPB-colonization and whole genome sequencing was performed on clinical and environmental CPB isolates. The blaVIM-1 and the blaKPC-3 gene corresponding to both clusters were identified in sequences of Citrobacter freundii and Klebsiella pneumoniae isolates colonizing the ward's URWD. Colonized drains were in proximity to affected patient's rooms, while none of the wastewater drains in the respective patient rooms was colonized with CPB. Overall, CPB were identified in 52% of all URWD. Several breaches in utility room management and design facilitating colonization with CPB and potentially leading to contamination of shared medical equipment by dispersal were observed, including lacking separation between clean and contaminated zones in utility rooms (34%), and improper use of contaminated zones for storage of clean shared medical equipment (88.7%). URWD serve as reservoirs for CPB. Breaches in utility room management and design, potentially leading to contamination of shared medical equipment by dispersal from contaminated wastewater drains, represent an intervention target for prevention of CPB-transmission.

Pedicle screw fixation is a cornerstone of spinal fusion surgery due to its superior biomechanical stability. While conventional Kirschner wire (K-wire)-guided techniques are widely used, they involve multiple steps and are associated with specific complications. The introduction of the tip-tap awl allows for a guidewireless, single-pass insertion technique, potentially improving surgical efficiency while maintaining accuracy. A retrospective analysis was conducted on patients who underwent minimally invasive spine surgery (MISS) with navigated pedicle screw (Medtronic, Littleton, USA) insertion at a single tertiary center. Two&#xa0;navigated techniques were compared: the conventional K-wire-guided method and a guidewireless method using a navigated tip-tap awl (Medtronic, Minneapolis, USA). Data on intraoperative workflow, screw insertion time, complications, and breach rates were collected and analyzed. A total of 488 screws were evaluated in 122 patients. Screws were placed using either the guidewire method (56 patients) or the guidewireless method (66 patients). Both groups showed high accuracy, with minimal breach rates and no clinically significant postoperative complications. The guidewireless method required fewer procedural steps and demonstrated an average reduction in screw insertion time of 1.30 minutes per screw. The tip-tap awl simplified screw insertion by combining entry and tapping into a single navigated step. This streamlining of the procedure contributed to a more efficient surgical workflow. Despite fewer steps, complication and breach rates remained comparable to the traditional technique, indicating that safety and accuracy were not compromised. In this retrospective cohort, the guidewireless technique was associated with reduced screw insertion times and a favorable safety profile, suggesting it may serve as an efficient alternative to traditional methods.

Sterility errors in orthopaedic surgery are under-recognized and lack specific management guidelines. We describe a case of inadvertent implantation of a non sterilized distal radius plate and propose a structured, mechanism-based framework for risk assessment and decision-making in such scenarios. A root cause analysis (RCA) was conducted to identify contributing factors at organisational, human and system levels. The patient's treatment involved leaving the implant in place while administering antibiotics (amoxicillin/clavulanic acid for 7 days), with a 4-year follow-up showing no infection. The RCA revealed multiple breaches in safety barriers, including unauthorized access to the sterilisation area, unchecked chemical indicators and insufficient staff supervision. Despite the sterility breach, no infection occurred, highlighting the role of rapid management and structured surveillance. This case underscores the need for standardized protocols to manage sterility breaches, including mandatory sterility verification and integration into surgical checklists. Our mechanism-based framework provides a practical tool for clinicians facing similar incidents, but further validation through multicentre studies is warranted.

An awake craniotomy (AC) is performed for cerebral tumours near or involving eloquent regions of the brain to maximise tumour resection whilst preserving neurological function. Reducing the risk of surgical site infections (SSI) is vital, as infections can delay adjuvant therapy. However, data on SSI requiring reoperation following AC in the United Kingdom remain limited. We performed a single-centre retrospective case series of all AC procedures between January 2015 and April 2023. Data were collected from the electronic health record on surgical indication, demographics, repeat surgeries and intra-operative details. Surgical site infections requiring re-operation (SSI-R) were identified through theatre records, microbiology results and clinical notes. Infection rates were compared with patients undergoing asleep craniotomies during the same period. A total of 131 ACs were performed on 109 patients. Six cases were complicated by SSI-R (4.6%; n=6). Five out of six patients had glioblastoma, IDH-wildtype (WHO Grade 4), whilst four involved ventricular breach during resection; four patients' infections also occurred after redo oncology surgery. No significant pre-operative comorbidities were identified. In comparison, 19 infections occurred among asleep craniotomy cases (3.0%), which was not statistically significant (odds ratio 1.57, 95% CI 0.61-4.00; p=0.413). Tumour grade reached statistical significance in the awake group. Over an 8-year period, the SSI-R rate was 4.6%, comparable to asleep craniotomy. There was an association with glioblastoma, redo surgery and breaching the ventricle during resection, concomitant with known risk factors for infection following cranial neurosurgery.

This paper contributes to a broader survivor-led program of research on second violence: the institutional reproduction of harm through systems formally designed to respond to violence. Within that broader program, the paper focuses on one police station encounter to examine how police contact can operate as a modifiable public health exposure in family and domestic violence response. Survivor-led autoethnographic case study. Data were drawn from The Second Violence, a four-year, ethics-approved autoethnographic study documenting lived experience of navigating police and other institutions after separation from an intimate relationship characterised by coercive control and violence. Focusing on a help-seeking episode in which I attended a local police station to report apparent breaches of a Family Violence Intervention Order, I analysed a vignette of this encounter, fieldnotes and analytic memos using feminist autoethnography and Cultural-Historical Activity Theory (CHAT) to examine how objects of work, rules and division of labour shaped safety outcomes. In this case, police contact operated as a second exposure to harm by intensifying psychological distress through disbelief, minimisation and dismissive institutional responses; delaying safety when patterns of coercive control were not recognised or recorded; leaving risk insufficiently addressed when apparent breaches were not enforced; and eroding trust in systems expected to be protective, with consequences for future help-seeking and engagement with services. This case suggests that violence prevention and public health responses should address not only perpetrators and primary incidents, but also institutional arrangements that may amplify or attenuate harm. Conceptualising policing as a modifiable public health exposure can inform trauma- and violence-informed practice, integrated risk assessment and survivor-led co-design of responses in which "do no further harm" is treated as a core outcome of family violence systems.

HIPAA breaches and unauthorized access to Electronic Health Records (EHRs) have been growing more likely due to the sudden digitalization of the healthcare sector. High endurance, privacy-based security practices have never been more in demand as hospitals and other medical facilities of this type have clung to the electronic system. The given study considers this problem by suggesting an anomaly detection model that determines the presence of abnormal or suspicious access patterns in EHR systems using Variational Autoencoders (VAEs). One of the main weaknesses of creating an efficient security model in the healthcare sector is that access to real-world information is limited and is constrained by privacy policies. To bridge this challenge, a synthetically enriched EHR access log dataset was generated and realistic features, including departmental affiliations, user roles, frequency of access, and timestamps, were ensured; the artificially generated dataset is, therefore, a close simulation of real-world hospital activities. By observing the access patterns of healthcare professionals that are generally typical in a latent space, the proposed VAE model can signal deviations that can indicate a possible security breach or policy violation without revealing or even relying on actual patient data, thus identifying both large and small-scale aberrations by modelling these latent representations. Evidence of the superiority of VAE-based detection over traditional machine learning algorithms, including Isolation Forest and One-Class Support Vector machines, using some key measures, like accuracy (F1-score: 0.93), lower false-positive rates, and greater sensitivity to noisy data, confirms this assertion. As a result, unsupervised deep generative modelling plus synthetic data generation provides a new, privacy-conserving approach to improving the cybersecurity of medical information systems. Based on the results, the VAE-based anomaly detection can become a trusted means of protecting sensitive healthcare infrastructure against the changing cyber risks.

Supply chains are increasingly vulnerable to Supply Chain Cyberattacks (SCCAs) that exploit third-party trust and bypass traditional perimeter-based defenses. This study investigates the propagation mechanisms, impacts, and governance of SCCAs through a qualitative multi-case analysis of seven landmark incidents across diverse sectors, including retail, logistics, energy, and healthcare. Drawing on the Supply Chain Cyber Security System (SCCSS) framework, we map attack vectors, internal escalation pathways, and recovery dynamics across IT, organizational, and supply chain subsystems. Our cross-case synthesis reveals that SCCAs predominantly originate from third-party connections (contractual governance failures) and escalate through four recurring propagation mechanisms-Network Flattening, Alert Paralysis, Operational Coupling, and Relational Weaponization. The scale of disruption is systematically amplified by inter-system coordination failures, while resilience emerges only when proactive information sharing is activated by strong internal organizational readiness. We introduce the concept of synergy dependency, demonstrating that external relational governance is hierarchically contingent on internal organizational controls, and reconceptualize Points of Penetration (PoPs) as dynamic transmission mechanisms that convert localized digital breaches into systemic operational paralysis. This research offers empirically grounded insights that adapt the SCCSS framework from a classificatory tool into a process-oriented model capable of explaining how cyber risk propagates as a lifecycle of entry, transmission, and interruption. The findings contribute analytical interpretations to supply chain governance theory by showing that cyber resilience is conditionally interdependent across subsystems. Practically, the study offers actionable guidance for implementing secure architecture, cross-organizational threat intelligence sharing, and supplier-support programs to strengthen the resilience of complex global supply chain ecosystems.

Living systems encode environmental history into material structure, enabling adaptive response thresholds, a capability lacking in synthetic materials with fixed thermal transitions. We present a thermodynamic approach that programs critical transition temperatures in polymer networks via salt-dependent thermal plasticity. Conditioning poly(vinyl propional) hydrogels at a swelling temperature Ts in Hofmeister-modulated media embeds thermal and saline history into equilibrium water content, which then dictates superheating-mediated nucleation upon heating. Two synergistic mechanisms: temperature-dependent miscibility encodes memory via adaptive swelling, while network elasticity gates nucleation barriers, giving Tc&#x2009;=&#x2009;Ts&#x2009;+&#x2009;&#x394;T, where &#x394;T is set by thermal history and salt identity. Structural characterization reveals a hierarchical architecture of tight physical crosslinks and loose co-evolving domains, offering a universal design rule for history-responsive materials. We demonstrate reprogrammable freeze-exposure indicators for vaccine cold-chain monitoring to quantify sub-zero breach severity and duration. This work establishes intelligent matter capable of autonomous sensing, memory, and adaptive actuation.

In June 2023, the Kakhovka Hydroelectric Power Plant's dam was destroyed by Russian troops, leaving large areas downstream flooded and an area upstream dried-up. Therefore, the objectives of this screening-level study were (i) to determine the content of organic pollutants in the alluvial soils that have dried-up and soils that are above the old water level, and (ii) to determine the pattern of accumulation of organic pollutants in the dried-up zone. The alluvial soils within the city of Zaporizhzhia were sampled from the superficial, 30&#xa0;cm, layer in six areas in the dried-up zone, drained after the dam's breach, and also in six areas in the floodplain above the former water level. The composition of organic pollutants was determined using the method of gas chromatography-mass spectrometry. The distribution of organic pollutants in the soils was analyzed based on the hygrophilicity index that we proposed, which was calculated as a ratio of the amount of compound in the soils of the dried-up zone to its amount in the dried-up zone and in unflooded areas together. We identified 155 organic compounds, 24 of which are hazardous toxicants that contaminate the environment. Those compounds were represented by polycyclic aromatic hydrocarbons, acid esters, aromatic heterocycles, and other compounds. This ecological pollution jeopardizes the urban landscapes of Zaporizhzhia and other setllemens on the banks of the former Kahovka Reservoir and the health of people in southern Ukraine.

Day-of-surgery cancellation of elective surgery causes patient harm, wastes theatre capacity, and reflects wider perioperative system pressure. In England, the principal public source for routine surveillance is the NHS England Quarterly Monitoring of Cancelled Operations (QMCO) collection, but direct comparison between NHS trusts and independent-sector providers remains methodologically difficult. This revised narrative review synthesised 10 publicly available NHS England datasets/documents and 13 supporting peer-reviewed or policy sources relevant to elective surgery cancellation and independent-sector provision. Publicly available national time-series data show that last-minute non-clinical cancellation rates have generally remained around 1% of elective admissions since the early 2000s, whereas the proportion of cancelled patients not treated within 28 days increased substantially after the COVID-19 pause in data collection. In the latest official commentary, 21,456 operations were cancelled at the last minute in the third quarter (Q3) 2025/26, and 4,821 patients (22.5%) breached the 28-day standard. Recent provider files identify only a small number of independent-sector organisations. Across the public extracts reviewed from 2021/22 to 2025/26 (Q1-Q3), identifiable independent-sector providers accounted for 296 cancellations versus 337,004 in NHS organisations, contributing under 0.2% of recorded cancellations in each year examined. However, the public files do not provide matched provider-level denominators or case-mix adjustment, and the reporting scope has changed over time. The main conclusion is therefore methodological: current public English data are suitable for surveillance of NHS-funded last-minute cancellations, but they do not permit a fair denominator-matched comparison of day-of-surgery cancellation rates between NHS trusts and private providers. Future comparative work will require linked activity denominators, transparent provider classification, and standardised sector-wide reporting.

As digital interactions continue to expand, securing online systems has become a fundamental priority. Multifactor authentication (MFA) plays a pivotal role in modern cybersecurity frameworks. Traditional approaches often exhibit weaknesses such as centralized vulnerabilities and limited adaptability to emerging threats. To address these concerns, this research introduces a novel Blockchain- based Multifactor Authentication (BMFA) system that enhances security, resilience, and scalability. This study provides an in-depth exploration of BMFA's conceptual architecture, operational mechanisms, and potential applications. By decentralizing authentication processes, BMFA reduces single points of failure and fortifies data integrity through cryptographic safeguards. Unlike conventional models, this approach distributes authentication data across multiple blockchain nodes. This reduces the risk of breaches while ensuring continuous availability. Moreover, BMFA improves user privacy via distributed consensus, minimizing dependency on centralized authentication servers. The proposed system demonstrates enhanced load-balancing (LB)capabilities. This makes it more suitable for high-demand environments as compared to existing MFA methods. The proposed system demonstrates improved load-balancing behavior under simulated conditions and distributes authentication verification across multiple nodes. The results indicate potential resilience improvements compared with centralized MFA approaches. However, the findings are based on analytical and simulation evaluation, and real-world deployment assessment remains future work.