The ECRI Institute, a not-for-profit patient safety research organization, recently determined that the No. 1 health technology hazard for 2018 is ransomware and other cyber threats. In an in-depth interview explaining the group's Top 10 Health Technology Hazard list, researcher Juuso Leinonen stresses that cyberattacks can have a big impact on care delivery.
"This is definitely something that healthcare facilities should focus on" in the coming year, he says in an interview with Information Security Media Group.
"We are in an environment where patient care is heavily reliant on technologies that communicate data over the network," Leinonen says. If that system is not available for use, it can slow or delay care, or cancel appointments. So, it can really impact the way patients are normally taken care of, and workflow changes that hospitals need to put in place to tackle this can also pose as a patient safety risk."
Leinonen points to other patient safety issues that involve electronic health records and medical devices.
"In the healthcare environment, a lot of medical devices are actually directly connected to the EHR and they pass data back and forth. It is important that the configurations are done appropriately so that any patient data passed between these systems is secure," he says.
All departments within a hospital or clinic must be involved in protecting patient safety by guarding against cyberattacks, Leinonen says. "It goes beyond IT departments; clinical engineering, information security and even the clinicians have a role to play to ensure that any incident is properly managed as well as reducing the risk of these incidents occurring in the first place," he says.
In the interview (see audio link below photo), Leinonen discusses:
- Cybersecurity challenges involving health technology;
- The types of hospitals most vulnerable to ransomware attacks;
- Emerging cyberthreats facing healthcare entities in 2018.
Leinonen is a senior project engineer in the health devices group at ECRI Institute, where he performs medical device evaluations, develops practical guidance for healthcare facilities, consults with healthcare facilities about medical technologies and conducts accident investigations. He's the lead subject matter expert in medical device cybersecurity, medical device integration, infusion technology and telehealth. He came to ECRI Institute with a background in clinical engineering from St. George's Hospital in London.