Ransomware and Other Cybersecurity Threats Top ECRI Institute's Annual Health Technology Hazards List

2018 Top 10 hazards list also includes endoscope reprocessing failures, contamination issues, and missed alarms

November 6, 2017

PLYMOUTH MEETING, PA—Health technology safety—from safeguarding medical devices and IT systems against ransomware attacks to avoiding misconnections of enteral feeding components—requires that healthcare facilities identify the possibility of danger or difficulty with those technologies and take steps to minimize the likelihood of adverse events.

Today, ECRI Institute announces the launch of its Top 10 Health Technology Hazards for 2018 list. The report identifies the potential sources of danger involving medical devices and other health technologies that ECRI believes warrant the greatest attention for the coming year. The guidance that accompanies each hazard provides practical strategies for reducing risks, establishing priorities, and enacting solutions.

"Patient safety is on everyone’s mind, but technology safety sometimes gets left behind," says David T. Jamison, executive director, Health Devices Group, ECRI Institute. "As an independent medical device testing laboratory and investigator of technology-related incidents, we know what can go wrong and what steps hospitals can take to reduce patient harm related to specific technologies and processes."

This year’s No. 1 hazard calls attention to the patient safety component of ransomware and other cybersecurity threats. In the healthcare environment, ransomware and other types of malware attacks are more than just an IT nightmare. They are potential patient safety crises that can disrupt healthcare delivery operations, placing patients at risk. Multiple ransomware and other malware variants have infected healthcare organizations, as well as other private and public organizations, throughout the world.

Endoscope reprocessing remains in the No. 2 spot this year, as healthcare facilities continue to struggle with consistently and effectively cleaning, disinfecting, and sterilizing these instruments between uses. Reprocessing failures can lead—and have led—to the spread of deadly infections.

Other topics on the list include bed and stretcher support surfaces that remain contaminated between patients, missed alarms, equipment malfunctions resulting from the use of incompatible cleaning agents, patient burns from electrosurgical electrodes that are not safely holstered between uses, and unnecessary radiation exposures during digital imaging procedures.

To develop the annual list, ECRI Institute's multidisciplinary staff of engineers, scientists, nurses, physicians, and safety analysts draws on the resources of the Institute's 50-year history, as well as expertise and insight gained through testing and analyzing healthcare technologies. Topics on the list are selected by weighing factors such as the severity, frequency, breadth, insidiousness, and profile of the hazard. Additionally, all the hazards selected can, at least to some degree, be prevented by implementing appropriate measures.

The Top 10 Health Technology Hazards for 2018 Executive Brief is available for free download. ECRI Institute members can access the full Top 10 Hazards Solutions Kit that includes detailed recommendations for addressing the hazards.

For questions about ECRI Institute’s annual list of health technology hazards, or for information about ECRI Institute’s Health Devices program, Alerts Tracker®, or Accident Investigation services, contact ECRI Institute by telephone at (610) 825-6000, ext. 5891, or by e-mail at

Social Sharing

  • #Ransomware tops @ECRI_Institute 2018 Technology Top 10 #Hazards #2018haz
  • Free report! @ECRI_Institute 2018 Top 10 Health Technology Hazards #2018haz

About ECRI Institute
ECRI Institute (, a nonprofit organization, dedicates itself to bringing the discipline of applied scientific research to healthcare to discover which medical procedures, devices, drugs, and processes enable improved patient care. As pioneers in this science for 50 years, ECRI Institute marries experience and independence with the objectivity of evidence-based research. Strict conflict-of-interest guidelines ensure objectivity. ECRI Institute is designated an Evidence-based Practice Center by the U.S. Agency for Healthcare Research and Quality. ECRI Institute PSO is listed as a federally certified Patient Safety Organization by the U.S. Department of Health and Human Services. ECRI Institute convened and operates the Partnership for Health IT Patient Safety, a multi-stakeholder collaborative.

For more information, contact:
Laurie Menyo, Director of Public Relations and Marketing Communications
(610) 825-6000, ext. 5310