News Release

ECRI Names Cybersecurity Attacks the Top Health Technology Hazard for 2022

ECRI, an independent, nonprofit organization that provides technology solutions and evidence-based guidance to healthcare decision-makers worldwide, lists cybersecurity attacks as the top health technology hazard for 2022 in its just-released annual report.

Cybersecurity incidents can disrupt more than business operations, warns the nation’s largest federally designated patient safety organization—they can disrupt patient care, and thus pose a real threat of physical harm. All healthcare organizations are subject to cybersecurity incidents, cites ECRI in its report.

“The question is not whether a given facility will be attacked, but when,” says Marcus Schabacker, MD, PhD, president and chief executive officer of ECRI. “Responding to these risks requires not only a robust security program to prevent attacks from reaching critical devices and systems, but also a plan for maintaining patient care when they do. ECRI’s new guidance can help leaders be better prepared to protect their facilities and keep patients safe.”

Healthcare providers today depend on network-connected medical devices and data systems to deliver safe and effective patient care. A cybersecurity incident that compromises those devices or systems could lead to the rescheduling of appointments and surgeries, the diversion of emergency vehicles, or the closure of care units or even whole organizations—all of which could put patients at risk.

During the past five years, ECRI's healthcare recall, hazards, and cyber alert notification service has included 173 medical device cybersecurity alerts; 13 of those have been cybersecurity-related FDA recalls. Affected devices and systems include MRI systems, physiologic monitors, infusion pumps, and lab analyzers.

“ECRI remains committed to building awareness about technology hazards to keep patients safe, especially for those technologies that may not have gotten the needed attention during the pandemic,” adds Schabacker. 

ECRI’s Top 10 Health Technology Hazards for 2022 are as follows:

  1. Cybersecurity Attacks Can Disrupt Healthcare Delivery, Impacting Patient Safety     

  2. Supply Chain Shortfalls Pose Risks to Patient Care         

  3. Damaged Infusion Pumps Can Cause Medication Errors                     

  4. Inadequate Emergency Stockpiles Could Disrupt Patient Care during a Public Health Emergency              

  5. Telehealth Workflow and Human Factors Shortcomings Can Cause Poor Outcomes 

  6. Failure to Adhere to Syringe Pump Best Practices Can Lead to Dangerous Medication Delivery Errors      

  7. AI-Based Reconstruction Can Distort Images, Threatening Diagnostic Outcomes       

  8. Poor Duodenoscope Reprocessing Ergonomics and Workflows Put Healthcare Workers and Patients at Risk           

  9. Disposable Gowns with Insufficient Barrier Protection Put Wearers at Risk

  10. Wi-Fi Dropouts and Dead Zones Can Lead to Patient Care Delays, Injuries, and Deaths

ECRI’s annual report, now in its 15th year, identifies health technology concerns that warrant attention by healthcare leaders. ECRI’s team of biomedical engineers, clinicians, and healthcare management experts follows a rigorous review process to select topics for the annual list, drawing insight from incident investigations, reporting databases, and independent medical device testing.

The full Top 10 Health Technology Hazards report, accessible to ECRI members, provides detailed steps that organizations can proactively take to prevent adverse incidents. An executive brief version is available for complimentary download at www.ecri.org/2022hazards.

On Wednesday, January 26, 2022, ECRI is presenting a top 10 health technology hazards lab webcast, Cybersecurity Incidents: A Threat to Patient Safety and Healthcare Delivery. Speakers include experts from ECRI as well as national cybersecurity authorities, including Dr. Kevin Fu, acting director of medical device cybersecurity at U.S. FDA’s Center for Devices and Radiological Health (CDRH) and program director for cybersecurity, Digital Health Center of Excellence (DHCoE) and Dr. Christian Dameff,  medical director of cybersecurity and assistant professor of emergency medicine, biomedical informatics, and computer science (affiliate), University of California San Diego. This live lab webcast is free with advance registration.

To learn more, visit www.ecri.org, call (610) 825-6000, ext. 5891, or e-mail [email protected].

More News