Ransomware and reprocessing lead the ECRI list of top tech hazards

The ECRI Institute published its annual list of the top 10 health technology hazards for the industry. Readers will note that several of the top hazards in 2018 are the same as those in 2017. To guide readers through the hazards, PSMJ spoke to several experts on the top 10 issues and about steps that can be taken to prevent them.

1.    Ransomware and other cybersecurity threats
Summary: “Malware is a term that refers to a category of software that can compromise the security and privacy of a computer system,” says Frank Ruelas, MBA, principal of HIPAA College in Casa Grande, Arizona. “Ransomware is unique to other malware in that when it infects a computer or computer system, it encrypts files, which makes them unusable. Ransomware then displays a notice to the user that by paying a ransom, the user will then receive a key that will unencrypt the infected files.”

With the WannaCry virus and NotPetya virus striking hospitals worldwide last year, it’s not surprising that cybersecurity tops this year’s list. In a healthcare environment, a malware attack can cause canceled procedures and altered workflows (e.g., forcing staff to revert to paper records). They can also damage equipment and systems, expose sensitive data, and force closures of entire care units. Ultimately, they can compromise or delay patient care, leading to patient harm.

Solutions: “Dealing with ransomware is a classic example of the saying, ‘An ounce of prevention is worth a pound of cure,’ ” Ruelas says. “An organization’s best line of defense regarding ransomware includes efforts to train users on how to identify emails that may present a malware attack.”

“Often these emails have telltale signs such as poor grammar, typing errors, generic greetings, and are received by unknown senders of an email. Having an effective training and awareness campaign to alert users on how to identify an email that may contain one or more of these telltale signs and on what to do when they encounter one of these emails may be one of the best ways to prevent a ransomware attack.”

“Should a ransomware attack infect a computer system, information technology (IT) staff should have an established and tested (through drills or other simulations) process on how to shut down the computer system and restore it from available backup copies. The key is to plan what to do in the event of a ransomware attack before it happens rather than trying to scramble and figure out what to do after a system is infected.”

This is an excerpt from members-only content. Please log in or become a member to access the full content.