
Cyberattacks top health tech hazard for 2022, says ECRI

Ambulances are seen at the Accident and Emergency department of St. Thomas’ Hospital on March 3, 2005, in London. (Photo by Graeme Robertson/Getty Images)

ECRI named cyberattacks as the No. 1 health tech hazard for 2022, following the momentum over the last year around patient safety risks posed by security incidents like ransomware attacks that can lead to healthcare delivery disruptions.

The annual top 10 health technology hazards list released by ECRI is meant to inform the healthcare sector of important safety issues tied to the use of medical devices and systems. The compilation for 2022 reflects the ongoing volatility in healthcare brought on by the continued COVID-19 pandemic response.

The list builds on last year’s theme: “the need to progress from just trying to cope during the pandemic to building stronger and more resilient processes, leveraging the innovations developed and the lessons learned along the way.”

ECRI’s Device Evaluation group has released this list for the last 15 years with hopes of improving the safe use of health tech, which “requires identifying possible sources of danger or difficulty with those technologies and taking steps to minimize the likelihood that adverse events will occur.”

In short, the list identifies potentially dangerous sources on which entities should focus their attention in the coming year. The report authors explained that the list represents “problems that can be avoided or risks that can be minimized through the careful management of technologies.”

While cybersecurity is often listed, it’s one of the first times that cyberattacks tied to healthcare disruptions have made the list. The report authors echoed the continued concerns from industry stakeholders that “cybersecurity incidents don’t just interfere with business operations, they can disrupt patient care, posing a real threat of physical harm.”

The report reminds healthcare entities that every entity is a target and will likely be attacked. As such, it’s imperative to focus security efforts on protecting the tech that could directly impact patients if suddenly brought offline.

Cyberattacks can easily threaten network-connected medical devices and data systems, which can force providers to reschedule surgeries and appointments, divert emergency care or even close care sites — a critical risk amid COVID-19.

“Responding to these risks requires not only a robust security program to prevent attacks from reaching critical devices and systems, but also a plan for maintaining patient care when they do,” the report authors reminded healthcare entities.

The health tech hazards list also includes risks posed by supply chain shortfalls, potential medication errors caused by damaged infusion pumps, telehealth workflows and shortcomings of human factors that could lead to poor outcomes, and Wi-Fi dropouts and dead zones.

The ECRI report provides healthcare entities with a number of resources to support the proactive measures needed to tackle patient safety risks brought on by cyberattacks, as well as the other reported health tech hazards.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.
