Chatbots, cyber shutdowns ranked the highest patient safety risks in 2026

Healthcare’s enthusiastic embrace of AI chatbots has landed the technology at the top of a closely watched list of medical device hazards for 2026, as providers and patients increasingly turn to tools like ChatGPT and Claude for medical guidance despite their tendency to generate incorrect, and sometimes dangerous, information.

The Top 10 Health Technology Hazards for 2026 executive brief from ECRI, an independent patient safety organization, placed “The Misuse of AI Chatbots in Healthcare” as its number one concern for the coming year.

“LLM responses can be incorrect—sometimes dangerously so,” the report states plainly. “Caution is required whenever using an LLM for an application that could influence patient care.”

Healthcare workers are increasingly turning to widely available chatbots for quick answers about medical conditions, treatment protocols, or even how to use medical devices. ECRI’s testing found instances where these tools recommended products or methods that could directly harm patients or staff. None of these commonly used chatbots, including ChatGPT, Claude, Copilot, Gemini, and Grok, were designed or regulated for healthcare use.

Even seemingly innocuous queries about which supplies to purchase or how to operate equipment can yield responses that lead users astray. These large language models generate predictions based on massive datasets, not genuine understanding, which can produce “hallucinations,” plausible-sounding but fabricated information that is delivered with unwarranted confidence.

A familiar hazard: unpreparedness for a “digital darkness”

The second hazard on ECRI’s list warns that many hospitals are unprepared for a sudden loss of digital systems. Cyberattacks, natural disasters, vendor outages, or internal failures could suddenly paralyze a healthcare facility that has become entirely dependent on electronic systems.

Clinicians lose access to medication histories, lab results, and treatment plans. Staff must operate under unfamiliar downtime procedures, working longer hours without their usual tools. Patients face delayed care or inappropriate treatment decisions. The organization hemorrhages revenue while facing potential regulatory sanctions.

When ransomware attacks happen, healthcare organizations have been forced to postpone procedures, divert patients to other facilities, and dramatically increase staff workloads, all while trying to maintain patient safety. Yet ECRI’s report suggests many facilities remain underprepared, lacking robust disaster recovery plans, reliable data backups, or adequate staff training for system outages.

“To prevent a downtime event from escalating into a hospital-wide safety crisis, organizations should strengthen disaster recovery planning, build robust recovery capabilities, and ensure organizational readiness through training, tabletop exercises, and safety drills,” the report recommends.

New tech, old problems

While cutting-edge technology dominates the top spots, the list reveals that fundamental safety challenges persist. Take tubing misconnections, a long-standing safety risk. Despite decades of awareness and the availability of safer connector designs, healthcare facilities, particularly in the United States, have been slow to adopt ENFit connectors for enteral feeding and NRFit connectors for neuraxial applications.

As a result, patients continue to die from errors like feeding solutions mistakenly delivered into IV lines. The physical compatibility of Luer-lock connectors across applications allows such catastrophic misconnections to persist. The solution exists and has been standardized internationally, yet adoption lags.

Similarly, deficient device cleaning instructions remain a recurring patient safety risk. Manufacturers often provide incomplete, impractical, or outright onerous reprocessing instructions for medical devices. Without clear guidance, healthcare workers can inadequately clean and sterilize reusable equipment, potentially exposing patients to infectious pathogens.

Water quality issues during instrument sterilization can also force facilities to delay surgeries when instruments become spotted with minerals, corroded, or retain bioburden. ECRI noted cases where operating room volumes had to be curtailed, delaying care and generating revenue losses.

Perhaps no hazard better illustrates the gap between technological advancement and patient safety infrastructure than recall communication failures for home diabetes management technologies.

Modern diabetes management has been revolutionized by integrated insulin pumps and continuous glucose monitors that communicate with each other and smartphones. But when something goes wrong, such as sensors yielding incorrectly high readings, pumps overdelivering insulin, or alarms failing to sound, the recall system often fails to reach patients in time or in terms they understand.

Recent recalls have involved issues that could cause hypoglycemia, hyperglycemia, seizures, coma, diabetic ketoacidosis, and death. Yet the traditional recall infrastructure was built for healthcare facilities with dedicated staff to manage medical equipment, not for individual patients managing complex technologies at home.

“Harm can result if product recalls and updates do not reach users in a timely manner or if recipients do not respond to those notices appropriately,” the report notes, calling on manufacturers, suppliers, and healthcare providers to develop better processes for communicating safety information clearly to home users.

Closing the safety gap

A theme runs through ECRI’s list: healthcare’s infrastructure has outpaced its ability to safely implement, maintain, and secure new technologies. Legacy medical devices create cybersecurity vulnerabilities. Technology configurations that don’t match clinical workflows force staff into unsafe workarounds. Medication safety technologies remain underutilized in perioperative settings where they’re desperately needed.

Even the hazard of combating substandard and falsified medical products takes on new urgency given potential policy changes at the federal level. The report notes that U.S. withdrawal from the World Health Organization could impede international supply chain protections, while workforce reductions at the Department of Health and Human Services might limit device inspections and recall management improvements.

For healthcare leaders, the list is less about frequency or severity than about identifying where immediate action matters most. That means acknowledging complexity, expecting human fallibility, and designing systems that help people do their best work even under stress.