Examining the Greatest Health Technology Threats of 2026

A Closer Look at ECRI’s Top Ten Health Tech Hazards – from AI Chatbots to “Digital Darkness” and beyond

Providing safe and effective patient care requires identifying sources of danger or difficulty with healthcare technologies. For nearly two decades, ECRI’s annual research report on the Top 10 Health Technology Hazards has flagged critical issues for hospitals, health systems, ambulatory surgery centers, and manufacturers to take steps to proactively mitigate risk. ECRI follows a rigorous review process to select topics, drawing insight from incident investigations, reporting databases, and independent medical device testing.

Download the Executive Brief of the Top 10 Health Technology Hazards 2026. ECRI members access the full report and solutions kit here. Read the report press release with commentary from ECRI President and CEO Dr. Marcus Schabacker.

1. The Misuse of AI Chatbots In Healthcare

AI chatbots and other large language models (LLMs) are not designed or regulated for healthcare purposes. Nevertheless, patients, clinicians, and others in healthcare are turning to tools like ChatGPT, Claude, Copilot, Gemini, and Grok for quick answers to questions that can impact patient care. LLMs are generative AI models that provide coherent, seemingly authoritative responses. On occasion, these responses can be incorrect. Sometimes dangerously so. Consulting LLMs for advice about medical conditions or treatments—or even posing seemingly innocuous questions like how to use a medical device or what supplies to buy—can have critical implications for patient safety. For example, ECRI testing identified instances of LLMs recommending products, or methods of use, that could lead to patient or staff harm. Users must recognize the limitations of these models and carefully scrutinize responses whenever using an LLM for an application that could influence patient care.

2. Unpreparedness for a “Digital Darkness” Event

A sudden loss of access to electronic systems and patient information—or “digital darkness” event—can compromise care delivery, delay treatment, and jeopardize patient safety. Cyberattacks, natural disasters, vendor outages, and internal system failures all could lead to such events, potentially paralyzing a healthcare facility. To prevent a downtime event from escalating into a broad safety crisis, organizations must establish downtime procedures, implement reliable data backup processes, build robust recovery capabilities, and test organizational readiness.

3. The Growing Challenge of Combating Substandard and Falsified Medical Products

The presence of substandard or falsified (e.g., counterfeit) medical products in the supply chain has become a persistent concern, creating the potential for injury and costing facilities time and money. When addressing this challenge in 2026, organizations must consider the potential impact that developments at the US federal level could have on their efforts. Decreased international cooperation along with workforce reductions could hinder efforts to safeguard the global supply chain. As a result, healthcare organizations themselves may have to shoulder more of the burden.

4. Recall Communication Failures for Home Diabetes Management Technologies

Advancements in home diabetes management technologies have improved patient’s quality of life. But the use of these technologies is not without risk. Faults described in recent recall notices include pumps that can overdeliver insulin, sensors that yield incorrectly high glucose readings, and alarms that are not communicated reliably. When devices require updating or are subject to a recall, it’s critical that users learn about such issues in a timely manner. Unfortunately, current mechanisms for educating home users are frequently insufficient. ECRI encourages providers and equipment suppliers to improve the notification process.

5. Tubing Misconnections Remain a Threat Amid Slow ENFit and NRFit Adoption

The physical compatibility of Luer-lock connectors on devices and lines intended for different purposes creates an environment in which misconnections can—and do—occur. Deaths have resulted, for example, from enteral feeding solution mistakenly being delivered into the vasculature through an IV line. Safer connector designs that prevent tubing misconnections in certain applications are available—specifically ENFit connectors for enteral applications and NRFit connectors for neuraxial ones. These products are widely used in many parts of the world, but adoption in the United States remains low, putting patients at unnecessary risk.

6. Underutilizing Medication Safety Technologies in Perioperative Settings

Technologies such as barcode medication administration systems, smart infusion pumps, and automated dispensing cabinets are commonly used in many critical care areas, but remain underutilized in perioperative settings. ECRI encourages healthcare organizations to work toward incorporating safety technologies in settings where surgical patients receive care before, during, and after a procedure because of the risks and routine practices in these care areas.

7. Deficient Device Cleaning Instructions Continue to Endanger Patients

Failure to properly clean and disinfect or sterilize reusable medical devices between uses can lead to the spread of infection, device damage, and other forms of harm. Successful reprocessing is made more challenging, however, by the wide variation in the content, quality, and feasibility of the reprocessing instructions provided by product manufacturers. ECRI challenges device manufacturers to do better. We also encourage healthcare organizations to assess reprocessing IFUs before making purchasing decisions.

8. Cybersecurity Risks from Legacy Medical Devices

Malicious actors are continually seeking to infiltrate healthcare networks to access patient data or extract ransom payments. A successful cyberattack can profoundly impact patient care. To protect themselves, organizations need to pay particular attention to “legacy devices”—that is, devices  or systems that are no longer being updated with sufficient cybersecurity protections, or that are otherwise unsecurable. Legacy devices provide an opening that malicious actors can exploit. When device replacement is not feasible, mitigating actions must be implemented.

9. Technology Designs or Configurations That Prompt Unsafe Clinical Workflows

The safe and effective use of medical devices requires that they be designed, configured, and incorporated into care processes with an understanding of current clinical practice, the environment of use, and the needs of the intended patient population. Insufficient attention to these factors can lead to usability barriers (e.g., improper default settings, duplicate documentation burdens), which may prompt workarounds that compromise device effectiveness and contribute to adverse events.

10. Water Quality Issues during Instrument Sterilization

The use of insufficiently pure water during high-level disinfection or sterilization risks exposing patients to potentially infectious pathogens, and may cause damage or leave visible debris that renders the instruments unsuitable for use. ECRI is aware of instances in which water quality challenges forced facilities to significantly curtail OR procedure volumes. To prevent such outcomes, ECRI recommends that healthcare organizations work toward the goals outlined in ANSI/AAMI ST108:2023: “Water for the Processing of Medical Devices.”