
By Jessica Davis

ECRI Institute released its annual top 10 list of health technology hazards for 2020, designed to drive awareness around patient safety risks to hospitals, medical practices, and homecare providers.

The cybersecurity risks posed by remote patient monitoring tools and other connected devices ranked seventh overall. ECRI researchers noted that this year’s list focused on newly developing hazards, including those caused by the migration of medical technology outside the healthcare setting.

The risks of connected devices used in the home healthcare environment have increased, as more providers leverage remote patient monitoring devices to identify patients at risk of health issues before they require hospitalization.

But as the use of RPM and other connected devices moves into the home environment, ECRI researchers noted that cybersecurity policies and practices aimed at tackling the security challenges have not kept pace.

“As with any networked medical device, connected devices used in the home must be protected against threats that could interrupt the flow of data, alter or degrade the device’s performance, or expose protected health information,” researchers wrote.

“A cybersecurity issue that interrupts the transfer of data to the healthcare provider, for example, could lead to misdiagnosis or a delay in care,” they added.

To ECRI, the need for these devices to be deployed on the patient’s home network – out of the provider’s control – adds to the challenge of ensuring these devices are secure. What’s more, physical access to these devices is limited, which complicates troubleshooting or installing updates.

Patient compliance can also prove difficult, if the patient is not proficient in using the device or “has unwarranted fears about cybersecurity risks.”

ECRI researchers recommended organizations assess system security during the process of purchasing the device and address any security concerns during installation at the patient’s home and on the provider’s network.

“The goal is not just to get the monitoring system to function, but to get it functioning securely,” researchers explained. “Connected devices used in the home must be protected against threats that could interrupt the flow of data, alter or degrade the device’s performance, or expose protected health information.”

ECRI researchers identified the potential sources of danger that health providers should work to overcome in the next year. Researchers noted the list is not compiled from the most frequently reported issues; rather, “the list reflects our judgment about which risks should receive priority now.”

The institute’s engineers, scientists, clinicians, and other patient safety analysts ranked the safety concerns based on their experience and insight garnered by investigating incidents, reviewing literature, speaking with clinicians and other healthcare workforce members, and other tech-related problems reported to ECRI.

Those nominated topics are then ranked by severity, frequency, breadth, insidiousness, profile, and preventability.

“All the items on our list represent problems that can be avoided or risks that can be minimized through the careful management of technologies,” researchers explained. “The list serves as a tool that healthcare facilities can use to efficiently and effectively manage the risks.”

In order, the top 10 health technology hazards include:

  • Surgical stapler misuse
  • Point-of-care ultrasound adoption
  • Sterile processing errors in medical and dental offices
  • Hemodialysis risks with central venous catheters
  • Unproven surgical robotic procedures
  • Alarm, alert, and notification overload
  • Cybersecurity risks in the connected home healthcare environment
  • Missing implant data delaying or adding danger to MRIs
  • Medication errors from dose timing in the EHR
  • Loose nuts and bolts in devices.

Connected devices and other technology have often been a point of concern for many industry stakeholders, given the industry’s struggles with patching, inventory, and the ability to secure the network.

Most recently, the Food and Drug Administration released an alert around vulnerabilities found in connected medical devices and healthcare networks that could pose a risk to healthcare networks. The URGENT/11 flaw is found in several operating systems used in a wide range of industrial and medical devices.