Nonprofit, independent journalism. Supported by readers.

UCare generously supports MinnPost’s Second Opinion coverage; learn why.

Cybersecurity threats lead list of ‘Top 10 Tech Health Hazards’ for 2018

The technologies examined for the annual list included everything “from beds and stretchers to large, complex imaging systems.”

Malicious software programs “can significantly impact care delivery by rendering health IT systems unusable, by preventing access to patient data and records, and by affecting the functionality of networked medical devices.”
REUTERS/Kacper Pempel

Ransomware and other types of malicious software programs lead the list of the “Top 10 Tech Health Hazards” for 2018, according to a report issued this week by the ECRI Institute, an independent nonprofit organization that researches ways of improving patient care. 

The report, which is published annually, identifies the most significant potential sources of danger to patients involving medical devices and other health technologies for the coming year. Its primary audiences are hospitals and health care systems, but patients can benefit from being aware of these hazards as well.

To compile the list, ECRI’s experts look at a variety of factors, including the severity of the hazard, the likelihood that it could cause serious injury or death, the frequency with which it occurs, the overall likelihood that it will occur (and affect many people) and its preventability.

But, as the experts note, the list mainly “reflects our judgment about which risks should receive priority now.”  

Article continues after advertisement

The technologies examined for the annual list, they add, included everything “from beds and stretchers to large, complex imaging systems.”

Here are the top five items on the 2018 list:

1.  Ransomeware and other cybersecurity threats to health care delivery. Malicious software programs (malware) “can significantly impact care delivery by rendering health IT systems unusable, by preventing access to patient data and records, and by affecting the functionality of networked medical devices,” the report warns. “Further, such attacks can disable third-party services, disrupt the supply chain for drugs and supplies, and affect building and infrastructure systems.”

A ransomeware attack temporarily crippled parts of Great Britain’s National Health Service earlier this year.

2. Endoscope reprocessing failures. A “reprocessing failure” is medical lingo for not properly cleaning and sterilizing endoscopes between uses. An endoscope is a thin, tube-like medical instrument that is used for a variety of purposes to examine internal organs. If the device is not cleaned thoroughly between uses, it can lead to the spread of deadly infections. This particular health hazard has made the ECRI’s “top 10” list for eight of the past 10 years.

3. Contaminated mattresses and stretchers. “A bed or stretcher’s support surface consists of a mattress along with a mattress cover that prevents the ingress of body fluids and other contaminants into the mattress,” the report explains. “The mattress cover is cleaned and disinfected between patients, but the mattress is not. Hence, if the integrity of a mattress cover is compromised, the mattress underneath can become contaminated and remain so for subsequent patients.” 

That puts both patients and staff at risk. “Reported incidents include patients lying on an apparently clean bed or stretcher when blood from a previous patient oozed out of the support surface onto the patient,” the report adds.

4. Missed medical alarms. Software systems send alarms and other alerts from a patient’s medical device or from a hospital’s IT system to the smartphone or other communication device of an attending physician or nurse. “The systems are intended to facilitate timely notification of the appropriate clinician, but configuration or management problems with the systems themselves can lead to alarm delivery delays or failures,” the report points out.

“Delayed or failed delivery of a critical alarm or alert can lead to missed alarm conditions, delayed care, and avoidable patient harm,” it adds.

Article continues after advertisement

5. Improper cleaning of medical devices. Too often, medical devices are not cleaned appropriately, leading to “device malfunctions, equipment failures and potential for patient injury,” the report says.

“The need to stock and use multiple cleaning products, along with the requirement to familiarize staff with device-specific cleaning methods, is a significant burden for hospitals,” the report adds. “Nevertheless, the risk of harm to patients and staff, and the often substantial costs to replace damaged devices, outweighs the challenge of implementing safe and correct cleaning.”

Here are briefer accounts of the rest of the tech hazards on the list:

6. Unholstered electrosurgical electrode pencils. Electrosurgical pencils are devices used during surgery, often to prevent blood loss. If not stored properly in a nonconductive “holster” between activations, the device can cause patients to be accidentally burned. They can also cause operating room fires.

7. Inadequate Use of Digital Imaging Tools. Too many patients and medical staff are being exposed to unnecessary radiation, the report points out. Imaging departments in hospitals and other facilities need to do a better job of training the operators of imaging technologies, it adds..

8. Improper practices regarding bar-code systems for medications. Bar-code systems can prevent dangerous medication errors in hospitals — if used correctly. Unfortunately, they are ignored by hospital staff. “Improper practices include administering medications before using the bar-code scanner, scanning patient bar codes from a list of stickers on a clipboard instead of from the patient wristband, and preparing medications for more than one patient at a time,” the report points out.

9. Flaws in medical device networking. An example cited in the report involves “data from a fetal monitor not being correctly displayed on the workstation at the nurse’s station, creating the potential for delayed response to a critical change in the patient’s condition.”

10. Slow adoption of safer enteral feeding connectors. An enteral feeding connector is a “feeding tube,” which is used to give nutrition to patients who are unable to eat on their own. The report cites a couple of deadly incidents, including one in which nutrition was inserted into a patient’s lungs after the feeding tube was misconnected to a suction catheter for a ventilator. A new connector design for feeding tubes that avoids these errors is now available, but it has not been widely adopted.

FMI: You can read the executive summary of the ECRI report on the institute’s website. The full report is available only to the institute’s members.