6 Things Healthcare Execs Should Do to Prepare for Cyber Threats
The ECRI Institute's annual list of health technology dangers can prompt healthcare leaders to address cyber vulnerabilities.
Endoscope reprocessing failures, missed alarms, neglecting to use technology the way it's intended all figure prominently in ECRI Institute's annual Top 10 Health Technology Hazards for 2018 list. But the No. 1 hazard is ransomware and other cybersecurity threats, which impacts the safety of patients and threatens the safety of their sensitive personal information, too.
Cyberattacks have hit healthcare organizations several times this year, including in June, when the pharmaceutical company Merck, health records service Nuance Communications, and the Pennsylvania-based Heritage Valley Health System were among the many entities affected by a global ransomware, and in May, when the United Kingdom's National Health Service was crippled when a global ransomware attack—dubbed "WannaCry"—forced appointments and operations to be cancelled, hospitals to disconnect from email, IT systems to be shut off, and some facilities to turn patients away.
"The disruption has the potential to cause a patient safety issue and can ultimately lead to patient harm," says Juuso Leinonen, senior project engineer for ECRI Institute's Health Devices Group, a nonprofit organization dedicated to applied scientific research for the improvement of patient care. He says ransomware can impact IT systems and data and make them unusable.
Leinonen said the ECRI Institute "look[s] at ransomware in the context of how that can impact anything from your data to your normal workflow."
For example, ransomware often uses encryption to make data unavailable for use, and that can impact anything that's used within the normal workflow, from EHR systems to the thousands of networked devices in the organization, such as ventilators and pumps.
"If you suddenly cannot access those systems or utilize those devices, we strongly feel like that can lead to compromised patient care," Leinonen says.