Skip navigation

Ransomware Tops List of Healthcare Technology Hazards for 2018

Healthcare nonprofit ECRI Institute compiled a list of the top health technology hazards for 2018, with ransomware in the top spot.

A rapidly changing technology landscape in healthcare is posing risks that were unforeseen even a few years ago. In 2018, healthcare and IT professionals will need to watch out for issues around ransomware, glitches in alarm notification systems, and networking errors, all of which could endanger patients.

Healthcare nonprofit ECRI Institute compiled a list of the top health technology hazards for 2018, with ransomware in the top spot. While ransomware is not a new threat, it gained mainstream recognition this year as hospitals grappled with WannaCry and its aftermath.

ECRI warns that the consequences of ransomware and malware can have a widespread impact on a healthcare organization, including preventing access to patient data and records, disabling third-party services, and even affect building and infrastructure systems. This can lead to canceled procedures, damage to systems and equipment, exposure of patient data, and in extreme cases, hospital closures. In 2016, 72 percent of all malware attacks on the healthcare industry were caused by ransomware. It seems that this risk is far from over in 2018. 

ECRI recommends healthcare teams come together to form proactive approaches to security, which should involve collaboration between senior management, clinical engineering, IT, and other stakeholders.

Separately, Unisys released predictions around the healthcare market today, noting that the majority of its U.S. respondents are concerned about the potential of hackers gaining access to internet-connected medical devices such as defibrillators, pacemakers or insulin pumps.

Another top technology risk for healthcare professionals is configuration or management problems with secondary alarm notification systems. This software sends alarms and other relevant alerts from a medical device or IT system to a clinician’s smartphone or other device. Configured improperly, these systems could fail to deliver an alarm, which could lead to avoidable patient harm.

Incidents that have been reported include overloaded systems leading to alarm delivery delays and failures; dropouts and alarm delivery failures after an antivirus software update which were incompatible with the system; and conflicting mobile apps and the alarm system causing phones to freeze or shut down.

ECRI said that these problems can be prevented during system configuration, verification and validation during implementation, as well as ongoing testing of system integrity.  

Networking errors are another major risk that healthcare organizations need to be aware of, as ignoring best practices can lead to incomplete data transfers and other data communication errors, ECRI says. These issues will be exasperated by the sheer number of devices that will be connected within hospitals and healthcare facilities.

“With more and more medical devices and information systems being connected through hardwired or wireless networks, it has become increasingly important for healthcare facilities to assess, approve, and implement changes to these networked medical devices and information systems in a controlled manner,” ECRI said in its report.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.