Cyber Threats Top ECRI Institute’s 2019 Health Technology Hazards

October 1, 2018

PLYMOUTH MEETING, PA—ECRI Institute, one of the nation's leading patient safety and medical technology research organizations, places health technology cybersecurity at the top of its just-released 2019 Top 10 Health Technology Hazards. The report highlights the potential for hackers to exploit remote access systems to gain unauthorized entry to a healthcare organization's networked devices and systems. Such attacks can disrupt healthcare operations, hindering the delivery of care and putting patients at risk.

Cybersecurity is clearly a growing concern. ECRI Institute published 50 cybersecurity-related alerts and problem reports in the last 18 months, a major increase over the prior period.

"The consequences of an attack can be widespread and severe, making this a priority concern for all healthcare organizations," says David Jamison, executive director of ECRI's Health Devices program. "In critical situations, this could cause harm or death."

The annual list defines the top health technology hazards that ECRI Institute believes warrant priority attention by healthcare leaders. It serves as a starting point for discussions, helping healthcare organizations plan and prioritize their patient safety efforts.

Other topics on the list include contaminated mattresses, retained surgical sponges, improperly set alarms on ventilators and physiologic monitors, recontaminated endoscopes, infusion pump errors, mechanical failures with overhead patient lifts, damage to electrical equipment from cleaning fluids, and battery charging errors.

"Healthcare organizations need to take technology safety seriously," says Jamison. "That's why our annual report includes practical solutions that can help prevent patient harm."

The full report, accessible to ECRI Institute members, provides detailed steps that organizations can take to prevent adverse incidents at their facilities, not just respond to them. The 2019 Top 10 Health Technology Hazards executive brief is available for complimentary download at

ECRI Institute's engineers, scientists, clinicians, and other patient safety analysts select topics based on insights gained during incident investigations, medical device testing, and reviews of problem reporting databases. They weigh factors such as the severity, frequency, breadth, insidiousness, and profile of the hazards.

For questions about ECRI Institute's 2019 health technology hazards or membership programs, call (610) 825-6000, ext. 5891, or e-mail

Social Sharing

  • #Hackers attacking healthcare through remote access systems named No. 1 hazard on @ECRI_Institute 2019 Top 10 Health Technology #Hazards #2019haz
  • @ECRI_Institute announces its 2019 Top 10 Health Technology Hazards is available for download #2019haz

About ECRI Institute
ECRI Institute (, a nonprofit organization, dedicates itself to bringing the discipline of applied scientific research to healthcare to discover which medical procedures, devices, drugs, and processes enable improved patient care. As pioneers in this science for 50 years, ECRI Institute marries experience and independence with the objectivity of evidence-based research. Strict conflict-of-interest guidelines ensure objectivity. ECRI Institute is designated an Evidence-based Practice Center by the U.S. Agency for Healthcare Research and Quality. ECRI Institute PSO is listed as a federally certified Patient Safety Organization by the U.S. Department of Health and Human Services.

For press inquiries, contact:
Laurie Menyo, Director of Public Relations
(610) 825-6000, ext. 5310