Cybersecurity is Still The Top Tech Threat in Healthcare, According to ECRI

By Eric Wicklund

The threat of cybersecurity attacks is still the top technological threat to healthcare organizations, according to the ECRI Institute. But a problem cause by the two-year-old pandemic isn’t that far behind.

The Pennsylvania-based non-profit, which analyzes the safety, quality and cost-effectiveness of care across the healthcare spectrum, says the threat of unauthorized online access or a data breach is as high as ever, due in large part to the sophistication of the attackers and the growing value of medical data.

“The question is not whether a given facility will be attacked, but when,” Marcus Schabacker, MD, PhD, the ECRIs’ president and chief executive officer, says in a press release accompanying the Top 10 Health Technology Hazards for 2022. “Responding to these risks requires not only a robust security program to prevent attacks from reaching critical devices and systems, but also a plan for maintaining patient care when they do.”

Schabacker notes that health systems are placing more and more faith on connected technology and integrated data systems, expanding the potential for hackers to find a vulnerability. That could lead to rescheduled healthcare appointments or medical procedures, the diversion of emergency resources or even the closure of departments of organizations.

Other threats include hacked digital health devices or platforms that fail to do what they’re supposed to do, potentially putting patients at risk or allowing access into one’s home through compromised smart devices.

Second on the list of hazards is a relatively new threat: supply chain shortfalls. While the danger of running out of critical supplies has always been there, the pandemic has pushed that concern up a few notches, as evidenced by the first-ever blood crisis announced by the Red Cross. And with organizations struggling to keep up, they’re likely reducing their emergency stockpiles to inadequate levels, which is another threat on the ECRI’s list.

Telehealth is also on the list, coming in at No. 5. While advocates have long maintained that virtual care can be as effective or even better than in-person care, the risk of incomplete or incorrect care is there when that care is delivered by providers who aren’t taking the right steps to assure safety and accuracy. And that threat is heightened by the fact that so many healthcare organizations quickly jumped on the telehealth bandwagon during the pandemic.

Finally, the ECRI notes that unreliable broadband connectivity can create Wi-Fi dropouts and dead zones, which cause disruptions in care, perhaps even deaths. While the threat is evident in any wired hospital or clinic, it’s particularly evident in telehealth programs that rely on broadband to connect care providers in distant, often remote places.

The ECRIs’ Top 10 list of threats is as follows:

  1. Cybersecurity Attacks, which can disrupt healthcare delivery, impacting patient safety;
  2. Supply Chain Shortfalls, which pose risks to patient care;
  3. Damaged Infusion Pumps, which can cause medication errors;
  4. Inadequate Emergency Stockpiles, which could disrupt patient care during a public health emergency;
  5. Telehealth, especially workflow and human factors shortcomings, which can cause poor outcomes;
  6. Failure to Adhere to Syringe Pump Best Practices, which can lead to dangerous medication delivery errors;
  7. AI-Based Reconstruction, which can distort images, threatening diagnostic outcomes;
  8. Poor Duodenoscope Reprocessing Ergonomics and Workflows, which put healthcare workers and patients at risk;
  9. Disposable Gowns with insufficient barrier protection, which can put wearers at risk; and
  10. Wi-Fi Dropouts and Dead Zones, which can lead to patient care delays, injuries, and deaths.

Eric Wicklund is the Technology Editor for HealthLeaders.