Cyberattacks Will Be The Top Health Tech Hazard This Year, ECRI Says

January 21, 2022 - ECRI predicted that cyberattacks will be the primary hazard in the health technology space this year in its latest report. The nonprofit organization listed ten health technology hazards that it predicts the healthcare sector will grapple with in the coming months.

To select the top ten hazards, ECRI engineers, clinicians, and analysts nominated topics for consideration and weighed the options in terms of severity, public profile, preventability, breadth, and insidiousness. 

Considering the influx of healthcare cyberattacks in recent years, ECRI’s decision to put cyberattacks at the top of its list was founded. Specifically, the organization predicted that cyberattacks will disrupt healthcare delivery and potentially pose risks to patient safety.

“A cybersecurity incident could threaten the network-connected medical devices and data systems that have become essential for safe and effective care delivery,” the report noted.

“Consequences may include rescheduling of appointments and surgeries, diversion of emergency vehicles, or closure of care units or even whole organizations—all of which could put patients at risk.”

ECRI noted that the negative consequences of a cyberattack can be thwarted if organizations prioritize cybersecurity.

"The question is not whether a given facility will be attacked, but when," Marcus Schabacker, MD, PhD, president and CEO of ECRI.

"Responding to these risks requires not only a robust security program to prevent attacks from reaching critical devices and systems, but also a plan for maintaining patient care when they do."

Behind cyberattacks, ECRI identified supply chain shortfalls as an emerging health tech hazard. The pandemic disrupted supply chain effectiveness across the globe and put manufacturers and distributors in a vulnerable position.

ECRI noted issues relating to the unavailability of products, which could result in an inability to treat patients effectively. Although not mentioned in the report, supply chain security issues have also been disrupting care and posing significant risks to critical infrastructure.

Third on the list was the issue of damaged infusion pumps that cause medication errors. Poor device design, improper cleaning methods, and misuse may contribute to infusion pump failures or incorrect medication doses if not addressed.

“Clinical staff need to be alert to signs of infusion pump damage, and they need to know how to respond if damage is suspected or observed,” the report urged.

“Nurse educators, central equipment distribution, clinical engineering, and pump manufacturers also have roles to play to avoid these problems and keep patients safe.”

In addition, recent discoveries surrounding software vulnerabilities in infusion pumps revealed significant gaps in medical device security that must be addressed.

ECRI identified other top health tech hazards including inadequate emergency stockpiles, telehealth workflow issues, failure to adhere to syringe pump best practices, AI-based reconstruction errors, poor duodenoscope reprocessing ergonomics and workflows, disposable gowns with insufficient barrier protections, and wi-fi dead zones.