HomeCybersecurity Attacks, the Top Health Tech Hazard for 2022, ECRI Cautions

Cybersecurity Attacks, the Top Health Tech Hazard for 2022, ECRI Cautions

ECRI, an independent, nonprofit organization offering tech solutions and evidence-based guidance to healthcare decision-makers worldwide, named cybersecurity attacks as the top health technology hazard for 2022 in its annual report, just released on January 18th.

All healthcare organizations are subject to cybersecurity incidents

This year’s Top 10 report cautions healthcare leaders about safety concerns with IT-related security challenges, COVID-19 supply chain shortages, telehealth, medication safety, and other device risks.

Cybersecurity incidents can disrupt more than business operations, warns the nation’s largest federally designated patient safety organization. These types of incidents not only prevent or disrupt patient care, posing a real threat to patients everywhere, but can also harm the healthcare organizations, by affecting trust, and no one is safe. All healthcare organizations are subject to cybersecurity incidents, cites ECRI in its report.

“The question is not whether a given facility will be attacked, but when,” said Marcus Schabacker, MD, Ph.D., president, and chief executive officer of ECRI. “Responding to these risks requires not only a robust security program to prevent attacks from reaching critical devices and systems, but also a plan for maintaining patient care when they do. ECRI’s new guidance can help leaders be better prepared to protect their facilities and keep patients safe.”

The healthcare cybersecurity market is growing, but also are the threats

Back in 2019, a report by Frost & Sullivan “The U.S. Healthcare Cybersecurity Market. Overcoming Barriers to Adoption In the Face of Increasing Threat,” provided essential healthcare cybersecurity market tracking data as well as revenue projections through 2023. According to that report, future U.S. healthcare IT spending was expected to increase across network perimeter protection, endpoint protection, access management, public-facing properties, detecting and mitigating exploits, and managed services, driving this market toward $8.70 billion by 2023.

Cybersecurity is not the only part of IT-related issues in healthcare that could cause problems. Electronic Health Records might also be corrupted or malfunction. According to an eye-opening study published in PLOS in 2019, bad EHR usability was not only posing a threat to health care quality but also increased the risk of data security breaches in an industry that was already grappling with rising cases of cybercrime and technology security issues.

173 medical device cybersecurity alerts in the last five years

Healthcare providers today depend on network-connected medical devices and data systems to deliver safe and effective patient care. A cybersecurity incident that compromises those devices or systems could lead to the rescheduling of appointments and surgeries, the diversion of emergency vehicles, or the closure of care units or even whole organizations—all of which could put patients at risk.

In the last five years, ECRI’s healthcare recall, hazards, and cyber alert notification service has included 173 medical device cybersecurity alerts, 13 of which have been cybersecurity-related FDA recalls. MRI systems, physiologic monitors, infusion pumps, and lab analyzers were among the affected devices and systems.  

“ECRI remains committed to building awareness about technology hazards to keep patients safe, especially for those technologies that may not have gotten the needed attention during the pandemic,” adds Schabacker. 

ECRI has delivered it’s annual report for the 15th year, identifying health technology concerns that warrant attention by healthcare leaders. ECRI has an entire team of biomedical engineers, clinicians, and healthcare management experts following a rigorous review process to select topics for the annual list. These professionals are analyzing incident investigations, reporting databases, and independent medical device testing to draw their own conclusions concerning issues that could transform into healthcare threats.

ECRI’s Top 10 Health Technology Hazards for 2022 are:

  1. Cybersecurity Attacks Can Disrupt Healthcare Delivery, Impacting Patient Safety     
  2. Supply Chain Shortfalls Pose Risks to Patient Care          
  3. Damaged Infusion Pumps Can Cause Medication Errors                      
  4. Inadequate Emergency Stockpiles Could Disrupt Patient Care during a Public Health Emergency              
  5. Telehealth Workflow and Human Factors Shortcomings Can Cause Poor Outcomes
  6. Failure to Adhere to Syringe Pump Best Practices Can Lead to Dangerous Medication Delivery Errors       
  7. AI-Based Reconstruction Can Distort Images, Threatening Diagnostic Outcomes       
  8. Poor Duodenoscope Reprocessing Ergonomics and Workflows Put Healthcare Workers and Patients at Risk           
  9. Disposable Gowns with Insufficient Barrier Protection Put Wearers at Risk
  10. Wi-Fi Dropouts and Dead Zones Can Lead to Patient Care Delays, Injuries, and Deaths

Damaged or hacked infusion pumps are a serious health risk 

After cyberattacks, ECRI predicted that supply chain problems and damaged infusion pumps are likely to cause issues in the health tech space this year. Not only the aforementioned damaged infusion pumps are a danger for patients, but also those whose vulnerabilities allow cyberattacks.  Such weak points discovered in two types of B. Braun infusion pumps may allow hackers to deliver double doses of medications to unsuspecting patients, exposing significant challenges to medical device security, McAfee researchers revealed in a recent disclosure report.

The full Top 10 Health Technology Hazards report, accessible to ECRI members, provides detailed steps needed so healthcare organizations could prevent such incidents. An executive brief version is available for complimentary download at www.ecri.org/2022hazards.

About ECRI

ECRI is an independent, nonprofit organization improving the safety, quality, and cost-effectiveness of care across all healthcare settings. With a focus on patient safety, evidence-based medicine, and health technology decision solutions, ECRI is respected and trusted by healthcare leaders and agencies worldwide. Over the past fifty years, ECRI has built its reputation on integrity and disciplined rigor, with an unwavering commitment to independence and strict conflict-of-interest rules.

Change Healthcare Buys Back eRx Network, sells Connected Analytics