PLYMOUTH MEETING, PA—Ransomware is a form of computer malware that holds systems hostage with a ransom demand. Medical systems are vulnerable to such attacks, which can damage hospital operations and compromise patient care by barring users from accessing critical functions and data.
Today, ECRI Institute, the independent leader in medical device safety and evaluation, announces the publication of a new guidance article, "Ransomware Attacks: How to Protect Your Medical Device Systems." The free resource offers ECRI Institute's independent, unbiased recommendations to help hospitals identify and protect against ransomware attacks.
"With the recent news of nationwide cyberattacks, we thought it was very important to make this information available to the public as quickly as possible," says Juuso Leinonen, project officer, Health Devices Group, ECRI Institute. "Following these recommendations will allow hospitals to minimize impact to normal operations and mitigate the risk of a ransomware infection with your medical devices."
The report provides recommendations for adapting general cybersecurity principles to the particular requirements of medical device systems, including a list of immediate do's and don'ts for quickly responding to emerging threats. This practical guidance will help facilities protect their devices and information in a timely manner.
ECRI Institute has published a number of articles designed to help hospitals respond to cybersecurity threats. These resources provide guidance on topics ranging from ongoing management, strengthening cybersecurity initiatives, and finding future system acquisitions.
At the end of 2016, ECRI Institute launched its Cybersecurity Gap Analysis service to help hospitals and health systems develop a program to protect their medical devices from being used against them in a cyberattack.
"Patching medical devices' software and routinely training staff members about phishing emails are just two aspects of a medical device cybersecurity program; there are many other issues that every hospital has to address," says Robert Maliff, director, Applied Solutions Group, ECRI Institute.
Software management gaps putting patients and patient data at risk is No. 6 on ECRI Institute's annual Top 10 Health Technology Hazards list for 2017; Medical Device Cybersecurity was No. 2 on ECRI Institute's 2016 Top 10 Hospital C-Suite Watch List.
For more information about ECRI Institute's work with medical device cybersecurity, contact ECRI Institute by telephone at (610) 825-6000; by e-mail at firstname.lastname@example.org; or by mail at 5200 Butler Pike, Plymouth Meeting, PA 19462.
- ECRI Institute Issues Free Public Resource to Protect Hospitals from Ransomware Attacks http://bit.ly/2r0CqZ9
About ECRI Institute
ECRI Institute (www.ecri.org), a nonprofit organization, dedicates itself to bringing the discipline of applied scientific research to healthcare to discover which medical procedures, devices, drugs, and processes enable improved patient care. As pioneers in this science for nearly 50 years, ECRI Institute marries experience and independence with the objectivity of evidence-based research. Strict conflict-of-interest guidelines ensure objectivity. ECRI Institute is designated an Evidence-based Practice Center by the U.S. Agency for Healthcare Research and Quality. ECRI Institute PSO is listed as a federally certified Patient Safety Organization by the U.S. Department of Health and Human Services. ECRI Institute convened and operates the Partnership for Health IT Patient Safety, a multi-stakeholder collaborative. Find ECRI Institute on Facebook (www.facebook.com/ECRIInstitute) and on Twitter (www.twitter.com/ECRI_Institute).
For more information, contact:
Laurie Menyo, Director of Public Relations and Marketing Communications
(610) 825-6000, ext. 5310