The 2019 Top 10 Health Technology Hazards report from the ECRI Institute points to cybersecurity threats as the top technology concern facing the healthcare industry this year. This is the second year in a row that cybersecurity has been included on the list.
In their analysis for 2019, ECRI shined a light on the issue of hackers gaining remote access to systems and disrupting healthcare operations. “Attacks can render devices or systems inoperative, degrade their performance, or expose or compromise the data they hold, all of which can severely hinder the delivery of patient care and put patients at risk,” the report stated.
The fact that these systems have been designed to allow remote access—such as for allowing clinicians to access clinical data or vendors to troubleshoot systems—brings extra risk, the report’s authors note. When such systems are not properly maintained, they offer hackers an attractive vulnerable point of access to infiltrate an organization’s network.
Initial access can be attained through either medical or nonmedical systems, allowing attackers to then access other connected systems and devices. This access allows hackers to perform a range of malicious activity, including:
- Installing ransomware or malware
- Stealing data
- Rendering data unusable
- Hijacking computing resources to generate cryptocurrency
The report recommends identifying, protecting, and monitoring all remote access points to mitigate the risk. They also recommend organizations implement and maintain cybersecurity best practices, such as strong password policies, regular system maintenance, and keeping a log of system access.
Sarah Sheber is assistant editor/web editor at Journal of AHIMA.