By Juuso Leinonen and Chad Waters
ECRI Institute, an independent, not-for-profit patient safety organization, ranked cyber threats to healthcare delivery as the top health technology concern for 2019. This marks the second consecutive year that cybersecurity topped the organization's Top 10 Health Technology Hazards list.
Each year, ECRI Institute produces its list and an accompanying report to help hospitals direct their time and energy toward practical technology management activities that can have the greatest impact on patient safety.
Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.
For 2018, the organization's report broadly addressed the challenges that healthcare organizations face from ransomware and other malware. The 2019 report, in comparison, focuses more narrowly on one key area of vulnerability: systems that allow remote access to a healthcare organization's network.
Remote access delivers both patient safety benefits and clinical workflow efficiencies, and thus, has become prevalent in healthcare organizations. Use cases range from allowing clinicians to remotely view radiology studies through PACS to enabling medical device manufacturers to remotely troubleshoot error conditions with their devices. However, if remote access is not appropriately configured or protected, an opportunity for unauthorized network intrusion and system disruption exists.
In the past year, healthcare organizations have been specifically impacted by SamSam ransomware that targeted publicly-facing remote access, leveraging the access to infiltrate the network and cause havoc. The rising trend in remote access hacks was also highlighted by a recent FBI notice, “Cyber Actors Increasingly Exploit the Remote Desktop Protocol to Conduct Malicious Activity” [https://www.ic3.gov/media/2018/180927.aspx].
Regardless of the nature of the vulnerability or how it is exploited, healthcare operations can be disrupted by cyberattacks, making cybersecurity a critical patient safety concern.
Cybersecurity as a patient safety concern
Increase in remote access is just one example of the increasing connectivity in the healthcare environment. This growing connectivity presents a challenge for network security as well as patient safety. ECRI Institute estimates that each bed space has an average of 15-17 connected medical devices, and clinical data exchange between these devices and their related systems has become integral in the diagnosis and treatment of patients. However, when disruptions occur in the well-established clinical processes that rely on this data exchange, errors that affect patient care can occur.