Cybersecurity attacks are the healthcare sector’s top health technology hazard for 2022, according to ECRI, an independent, nonprofit organization that provides technology solutions and evidence-based guidance to healthcare decision-makers worldwide.
The organization also included supply chain shortfalls, inadequate emergency stockpiles, and ineffective disposable gowns as top concerns for 2022.
According to ECRI, cybersecurity attacks can disrupt more than business operations, warns the nation’s largest federally designated patient safety organization—they can disrupt patient care, and thus pose a real threat of physical harm. All healthcare organizations are subject to cybersecurity incidents, ECRI says.
“The question is not whether a given facility will be attacked, but when,” says Marcus Schabacker, MD, PhD, president and chief executive officer of ECRI. “Responding to these risks requires not only a robust security program to prevent attacks from reaching critical devices and systems, but also a plan for maintaining patient care when they do. ECRI’s new guidance can help leaders be better prepared to protect their facilities and keep patients safe.”
Healthcare providers today depend on network-connected medical devices and data systems to deliver safe and effective patient care. A cybersecurity incident that compromises those devices or systems could lead to the rescheduling of appointments and surgeries, the diversion of emergency vehicles, or the closure of care units or even whole organizations—all of which could put patients at risk.
During the past five years, ECRI’s healthcare recall, hazards, and cyber alert notification service has included 173 medical device cybersecurity alerts; 13 of those have been cybersecurity-related FDA recalls. Affected devices and systems include MRI systems, physiologic monitors, infusion pumps, and lab analyzers.
“ECRI remains committed to building awareness about technology hazards to keep patients safe, especially for those technologies that may not have gotten the needed attention during the pandemic,” adds Schabacker.
ECRI’s Top 10 Health Technology Hazards for 2022 are as follows:
- Cybersecurity Attacks Can Disrupt Healthcare Delivery, Impacting Patient Safety
- Supply Chain Shortfalls Pose Risks to Patient Care
- Damaged Infusion Pumps Can Cause Medication Errors
- Inadequate Emergency Stockpiles Could Disrupt Patient Care During a Public Health Emergency
- Telehealth Workflow and Human Factors Shortcomings Can Cause Poor Outcomes
- Failure to Adhere to Syringe Pump Best Practices Can Lead to Dangerous Medication Delivery Errors
- AI-Based Reconstruction Can Distort Images, Threatening Diagnostic Outcomes
- Poor Duodenoscope Reprocessing Ergonomics and Workflows Put Healthcare Workers and Patients at Risk
- Disposable Gowns with Insufficient Barrier Protection Put Wearers at Risk
- Wi-Fi Dropouts and Dead Zones Can Lead to Patient Care Delays, Injuries, and Deaths
ECRI’s annual report, now in its 15th year, identifies health technology concerns that warrant attention by healthcare leaders. ECRI’s team of biomedical engineers, clinicians, and healthcare management experts follows a rigorous review process to select topics for the annual list, drawing insight from incident investigations, reporting databases, and independent medical device testing.
The full Top 10 Health Technology Hazards report, accessible to ECRI members, provides detailed steps that organizations can proactively take to prevent adverse incidents. An executive brief version is available for complimentary download at www.ecri.org/2022hazards.