Synensys Safety Management Consultant Abigail Harte‑Williams, RN, BSN, JD, MPH, MS, CPPS, CPHRM, CPHFH, delivered a featured presentation at Dartmouth highlighting a cutting‑edge, systems‑based approach to strengthening healthcare cyber disaster preparedness. Her session, “The Road to Hell Is Paved with Good Intentions: A Control Chart‑Based Method for Improving Cyber Disaster Management Applications,” introduced a framework that integrates Systems Theoretic Process Analysis (STPA) with statistical process control to detect operational instability before it threatens patient care.
Harte‑Williams emphasized that although healthcare organizations increasingly invest in cybersecurity tools and safeguards, these controls can unintentionally introduce new risks when misaligned with clinical workflows or inadequately monitored. Her presentation reframed cyber incidents as patient safety and system‑resilience challenges, underscoring the need for proactive monitoring of real‑world clinical and technical feedback loops.
By applying STPA to healthcare cyber environments, Harte‑Williams demonstrated how unsafe control actions, system bottlenecks, and weak feedback mechanisms can escalate into patient‑impacting failures. She further showed how control charts can monitor indicators such as access delays, workarounds, and downtime signals, offering early warning signs of system degradation and enabling timely intervention.
Speaking to the importance of this systems based approach, Harte Williams noted:
“Healthcare cyber events are not just IT failures. They are system wide safety challenges that can quickly affect patients. When we pair STPA with control charts, we can track the signals that really matter, such as access delays, workarounds, and early signs of instability. These indicators often appear long before a disruption escalates into a disaster. My goal is to help organizations move beyond reactive compliance and toward proactive resilience, where cybersecurity and patient care work together instead of pulling in opposite directions.”
Abigail Harte-WilliamsRN, BSN, JD, MPH, MS, CPPS, CPHRM, CPHFH
The workshop also included multi‑hour networking and problem‑solving sessions, where Harte‑Williams and participants explored broader uses of STPA in healthcare disaster planning, including:
- Simulation coverage design, using STPA to map case types, system processes, and RACI structures to clarify responsibilities.
- Mass‑casualty and cyber downtime training, applying STPA to identify choke points, test downtime procedures, and validate how real‑world conditions align with modeled assumptions.
- Innovative hazard detection, focused on identifying silent lab test failures, including cases where dropped specimens in EMR systems lead to missed diagnoses, and introducing solutions such as automatic reorders and alerts for unresulted tests.
Harte‑Williams also highlighted opportunities to advance the field, including the need for domain‑specific language for STPA in healthcare and improved system‑instrumentation methods that make internal signals and feedback states easier to detect and analyze.
The Dartmouth workshop highlighted just how critical it is for healthcare organizations to view cyber preparedness through the lens of patient safety and system resilience. Synensys is proud to support this shift by equipping leaders and care teams with practical systems‑engineering tools that reveal risks before they become harm. Moving forward, Synensys remains committed to empowering hospitals and health systems with the knowledge, methods, and collaboration needed to protect the patients and communities they serve.
