Healthcare organizations are facing a mounting security challenge because of the legacy hardware systems that have such holes in their security which can be called a “perfect storm.” In the second quarter of 2018, 3.15 million patient records were compromised in 142 healthcare data breaches as per the reports.
Vulnerabilities around legacy hardware come in two forms. The first is, when it comes to healthcare hardware, security hasn’t been a priority. Modern IT systems are being designed with security baked in from the beginning which wasn’t the case with medical devices, and still often isn’t the case.
While new devices might be developed with security at least tacked on as an afterthought, the legacy hardware that was developed years before ransomware became a high-profile problem is still in use. For instance, think of a device conceived using Windows XP that goes into practical and clinical use for eight years. It could be in operation well after Microsoft stops issuing patches for it whereas Microsoft stopped supporting Windows XP in 2014.
The second type of vulnerability is that hospital systems aren’t necessarily budgeting for security while they are busy with saving lives. You might have a very secure medical device, but it goes into a clinical environment where no one knows anything about security and can hence become futile.
Healthcare data is attractive to hackers because it’s information that can be used over and over again. One can do a lot of damage in the long term with this type of information. A weakness in an MRI machine or CT scanner could be a hacker’s entry point into the entire healthcare IT system and that is precisely why we need more robust medical security systems.