By Jay Kumar
This article first appeared October 2, 2018 on PSQH.
In its 2019 Top 10 Health Technology Hazards report, ECRI Institute highlighted potential sources of danger stemming from health technology, with cybersecurity attacks topping the list. Ranked by which risks should receive the highest priority, the list compiled by ECRI’s Health Devices Group positions the threat of hackers targeting remote access to healthcare systems as the most pressing.
“Cybersecurity attacks that infiltrate a network by exploiting remote access functionality on connected devices and systems—or by any other means—remain a significant threat to healthcare operations,” according to the report’s executive brief. “Attacks can render devices or systems inoperative, degrade their performance, or expose or compromise the data they hold, all of which can severely hinder the delivery of patient care and put patients at risk.”
Once hackers gain access to an organization’s network, they can move on to other connected devices or systems, installing ransomware, stealing data, or using computing resources for other purposes, according to ECRI. Organizations should identify, protect, and monitor all remote access points, as well as follow recommended cybersecurity practices like having a strong password policy, maintaining and patching systems, and logging system access.
Other hazards include the following:
- “Clean” mattresses that retain blood and other body fluids after cleaning. Whether it’s the mattress or the mattress cover, improper cleaning and disinfecting can expose subsequent patients to infectious materials.
- Retained surgical sponges that are unintentionally left inside a patient after the surgical site is closed. Surgical teams conduct manual counts of sponges as a matter of routine, but errors still occur, and retained sponges can lead to infection and other complications.
- Errors in setting ventilator alarms can result in the risk of hypoxic brain injury or death. Ventilators are life-support devices that help patients breathe adequately, but loose connections, manufacturing defects, and other problems can put patients at risk. Properly set alarms can prevent these complications, but errors in setting the alarms can result in bad outcomes.
- Improper handling and storage of flexible endoscopes can recontaminate previously disinfected scopes, leading to an increased risk of patient infections.
- Confusing the dose rate with the flow rate can lead to dangerous infusion pump medication errors. This includes incorrectly programming so-called smart pumps.
- Improper customization of the alarms on a physiologic monitoring system could result in missed alarms, which in turn could lead to serious patient injury or death if problems aren’t recognized and treated in time.
- Overhead patient lift systems can cause injury or damage if the system is improperly designed, installed, used, or maintained.
- Improper cleaning of electrical equipment can result in equipment malfunction, damage, or fire. The use of cleaning or disinfectant wipes that are dripping with excess fluid, or spraying liquids directly onto powered medical devices and equipment can cause fluid to enter electrical components such as plugs, sockets, or power supplies.