ECRI: Cybersecurity tops 2018 health technology hazards
- Ransomware and other cybersecurity threats that compromise patient safety top ECRI Institute’s list of health technology hazards for 2018.
- For the second straight year, endoscope reprocessing failures claims the No. 2 spot, due to the high risk of spreading infections.
- ECRI compiles the annual list to highlight potential safety issues that warrant attention in the coming year.
Cybersecurity has been on everybody’s minds this year — from the massive WannaCry attack in May that froze computers in a number of UK hospitals, shutting down all but emergency services, to October’s cyber attack on FirstHealth of the Carolinas’ IT network. In between were several other high-profile incidents.
The ECRI warning comes as healthcare organizations are already beefing up their cybersecurity efforts. In a recent HIMSS survey, 71% of IT leaders said their organizations budget for cybersecurity and about 80% said they had a dedicated cybersecurity staff.
The best cyber defense involves a combined human-technology approach, Vincent Weafer, president of cybersecurity firm McAfee Labs, says. “The proof of successful human and technology teaming will be seen in the ability to rapidly dismiss alerts and stop new threats,” he told Healthcare Dive in a recent interview.
The No. 2 hazard on the list is insufficient cleaning of duodenoscopes and other complex, reusable instruments.
“Superbug” infections linked to duodenoscopes were first reported in 2014 and investigations quickly drew attention to design features that make thorough cleaning difficult. The FDA has since required manufacturers to update their labels with warnings and stricter cleaning instructions, but more needs to be done, ECRI says.
The report recommends healthcare facilities establish processes for assessing the quality of the cleaning and deploy measures for drying reprocessed endoscopes before they are stored to remove moisture in the channels that could encourage microbes not killed during the cleaning process.
The list also touches on alert fatigue, which was highlighted in a recent study examining three years worth of data from one hospital. It found three-fourths of medication-related clinical decision support alerts in inpatients were overridden, and about 40% of those overrides were inappropriate.
Rounding out the hazards list are:
- Contaminated mattresses and covers;
- Missed alarms due to improperly configured secondary notification devices and systems;
- Improper cleaning leading to device malfunctions or equipment failures;
- Unholstered electrosurgical active electrodes, which can cause burns or fires;
- Poor use of digital imaging tools resulting in unnecessary radiation exposure;
- Workarounds that negate the safety benefits of bar-coded medication administration systems;
- Flaws in medical device networking that delay or undermine care; and
- Slow adoption of safer enteral feeding connectors.
Selections for the list are based on severity, frequency, breadth, insidiousness and preventability of the hazard. The report includes a list of resources for each of the 10 items. CRI members can also download a Top 10 Hazards Solutions Kit with suggestions for minimizing safety risks.