Legacy Medical Devices — Probably the Weakest Link in Healthcare Cybersecurity
Lets face it - Internet connected medical devices running on legacy hardware / software are clear and present danger for healthcare service providers.
Many of these legacy systems are vulnerable as noted by Heath Care Industry Cybersecurity Task Force 2017 report, due to inherent security weakness in these systems. The problem gets further compounded as often these system lack support from the manufacturers and thereby ability to patch and update products are either expensive or non-existent. Vulnerability testing with off-the-shelf security scanning tools are not possible due to closed nature of these systems.
Moreover, legacy devices often have 10-20 years of operational lifespans and replacing them is simply not practical. Adding to that, severe lack of trained security professional results in existing resources getting stretched thin in a highly demanding environment, making it a perfect storm.
According to an report published in a leading Healthcare magazine, 15 percent of the Healthcare organization are running outdated operating systems for which no patch or vulnerability protections are available.
Security experts across the spectrum consider this as one of the top concerns facing Healthcare cybersecurity.