"Ransomware and other cybersecurity threats" are the top health technology hazard for 2018, according to a report released this week by the ECRI Institute.
The ECRI Institute is a nonprofit organization focused on improving health care quality and safety.
To create the report, ECRI asked analysts, engineers, and scientists to rank their top health technology hazards based on research and clinician experience, as well as reports generated from ECRI's Problem Reporting Network. According to FierceHealthcare, ECRI's advisors and external analysts establish the rankings based on multiple factors, including how severe, frequent, and insidious each threat is.
Top 10 technology hazards
ECRI's top 10 technology hazards for 2018 are:
- Cybersecurity threats, including ransomware, which pose risks to patients;
- Endoscope reprocessing failures, which expose patients to possible infections;
- Mattresses and bed covers, which might be infected by microbiological substances or patients' bodily fluids;
- Missed alarms resulting from poorly configured secondary notification mechanisms and systems;
- Improperly cleaned medical equipment, which can lead to device malfunction;
- Unholstered electrosurgical active electrodes, which can result in burn injuries for patients;
- Inappropriate use of digital imaging tools, which could unnecessarily expose patients to radiation;
- Workarounds that could undermine the safety advantages of bar-coded medication administration systems;
- Flaws in medical device networking that postpone or undermine care delivery; and
- Slow adoption of safer enteral feeding connectors, which leaves patients at risk.
Cybersecurity poses a growing problem
According to ECRI, cybersecurity—which has made the list in the past, but has never before taken the top spot—is an increasing concern given the prevalence of large-scale cybersecurity attacks that shut down hospital networks, block EHR access, disable medical equipment, and impede care.
For instance, according to Modern Healthcare, the number of data breaches have increased in 2017, up 12.5% so far from 2016. Meanwhile, the WannaCry ransomware attack in May shut down a large part of the National Health System in the United Kingdom, and the NotPetya attack hit a West Virginia hospital in June, forcing the facility to rebuild its entire system, FierceHealthcare reports.
According to the ECRI report, such cybersecurity disruptions "can lead to canceled procedures and altered workflows (e.g., reverting to paper records)." The report stated, "They can also damage equipment and systems, expose sensitive data and force closures of entire care units. Ultimately, they can compromise or delay patient care, leading to patient harm."
To address the top 10 technology concerns, ECRI recommended health care organizations "careful[ly] manag[e] … technologies." Touching on cybersecurity in particular, Juuso Leinonen, product officer for health devices at ECRI, called for proactive collaboration. "This is an issue that needs to be tackled by all different departments within a health care facility," Leinonen said. "The collaboration between different departments, even the clinicians, is key to successful cybersecurity" (Sweeney, FierceHealthcare, 11/6; Arndt, Modern Healthcare, 11/6; Spitzer, Becker's Health IT & CIO Review, 11/6).
How to stop cyberattacks before they strike—and recover if you must
Health care organizations are under attack. Vicious threats like ransomware can significantly disrupt or even shut down clinical and business operations at a moment’s notice.
This infographic shows the six steps you need to follow to prepare and respond to a clinical crisis.