NEWS RELEASE

ECRI Names Cybersecurity Attacks the Top Health Technology Hazard for 2022

This year’s Top 10 report cautions healthcare leaders about safety concerns with IT-related security challenges, COVID-19 supply chain shortages, telehealth, medication safety, and other device risks

January 18, 2022

PLYMOUTH MEETING, PA—ECRI, an independent, nonprofit organization that provides technology solutions and evidence-based guidance to healthcare decision-makers worldwide, lists cybersecurity attacks as the top health technology hazard for 2022 in its just-released annual report.

Cybersecurity incidents can disrupt more than business operations, warns the nation’s largest federally designated patient safety organization—they can disrupt patient care, and thus pose a real threat of physical harm. All healthcare organizations are subject to cybersecurity incidents, ECRI states in its report.

“The question is not whether a given facility will be attacked, but when,” says Marcus Schabacker, MD, PhD, president and chief executive officer of ECRI. “Responding to these risks requires not only a robust security program to prevent attacks from reaching critical devices and systems, but also a plan for maintaining patient care when they do. ECRI’s new guidance can help leaders be better prepared to protect their facilities and keep patients safe.”

Healthcare providers today depend on network-connected medical devices and data systems to deliver safe and effective patient care. A cybersecurity incident that compromises those devices or systems could lead to the rescheduling of appointments and surgeries, the diversion of emergency vehicles, or the closure of care units or even whole organizations—all of which could put patients at risk.

During the past five years, ECRI's healthcare recall, hazards, and cyber alert notification service has included 173 medical device cybersecurity alerts; 13 of those have been cybersecurity-related FDA recalls. Affected devices and systems include MRI systems, physiologic monitors, infusion pumps, and lab analyzers.

“ECRI remains committed to building awareness about technology hazards to keep patients safe, especially for those technologies that may not have gotten the needed attention during the pandemic,” adds Schabacker.

ECRI’s Top 10 Health Technology Hazards for 2022 are as follows:
1. Cybersecurity Attacks Can Disrupt Healthcare Delivery, Impacting Patient Safety
2. Supply Chain Shortfalls Pose Risks to Patient Care
3. Damaged Infusion Pumps Can Cause Medication Errors
4. Inadequate Emergency Stockpiles Could Disrupt Patient Care during a Public Health Emergency
5. Telehealth Workflow and Human Factors Shortcomings Can Cause Poor Outcomes
6. Failure to Adhere to Syringe Pump Best Practices Can Lead to Dangerous Medication Delivery Errors
7. AI-Based Reconstruction Can Distort Images, Threatening Diagnostic Outcomes
8. Poor Duodenoscope Reprocessing Ergonomics and Workflows Put Healthcare Workers and Patients at Risk
9. Disposable Gowns with Insufficient Barrier Protection Put Wearers at Risk
10. Wi-Fi Dropouts and Dead Zones Can Lead to Patient Care Delays, Injuries, and Deaths

ECRI’s annual report, now in its 15th year, identifies health technology concerns that warrant attention by healthcare leaders. ECRI’s team of biomedical engineers, clinicians, and healthcare management experts follows a rigorous review process to select topics for the annual list, drawing insight from incident investigations, reporting databases, and independent medical device testing.

The full Top 10 Health Technology Hazards report, accessible to ECRI members, provides detailed steps that organizations can proactively take to prevent adverse incidents. An executive brief version is available for complimentary download at www.ecri.org/2022hazards.

On Wednesday, January 26, 2022, ECRI is presenting a lab webcast, Cybersecurity Incidents: A Threat to Patient Safety and Healthcare Delivery. Speakers include experts from ECRI as well as national cybersecurity authorities, including Dr. Kevin Fu, acting director of medical device cybersecurity at U.S. FDA’s Center for Devices and Radiological Health (CDRH) and program director for cybersecurity, Digital Health Center of Excellence (DHCoE); and Dr. Christian Dameff, medical director of cybersecurity and assistant professor of emergency medicine, biomedical informatics, and computer science (affiliate), University of California San Diego. This live lab webcast is free with advance registration.

To learn more, visit www.ecri.org, call (610) 825-6000, ext. 5891, or e-mail clientservices@ecri.org.

About ECRI

ECRI is an independent, nonprofit organization improving the safety, quality, and cost-effectiveness of care across all healthcare settings. With a focus on patient safety, evidence-based medicine, and health technology decision solutions, ECRI is respected and trusted by healthcare leaders and agencies worldwide. Over the past fifty years, ECRI has built its reputation on integrity and disciplined rigor, with an unwavering commitment to independence and strict conflict-of-interest rules.

ECRI is the only organization worldwide to conduct independent medical device evaluations, with labs located in North America and Asia Pacific. ECRI is designated an Evidence-based Practice Center by the U.S. Agency for Healthcare Research and Quality. ECRI and the Institute for Safe Medication Practices PSO is a federally certified Patient Safety Organization as designated by the U.S. Department of Health and Human Services. The Institute for Safe Medication Practices (ISMP) formally became an ECRI Affiliate in 2020.

Visit www.ecri.org and follow @ECRI_Org.

For more information, contact:
Laurie Menyo, Director of Strategic Communications
610.825.6000 ext. 5310
lmenyo@ecri.org