How Outdated Equipment Opens Healthcare Facilities Up to Cyberattack

With all of the ransomware attacks and IoT ramp-up creating more opportunities for “medjacking” (yes, it’s a real term), healthcare facilities are facing a crisis of huge proportions. The crisis is made worse by the fact that too many healthcare organizations are using outdated equipment and legacy systems, such as those types of devices that are on an IoT network.

“They [the healthcare industry] have a lot of vulnerabilities going on,” says Chris Tarbell, who is part of the cybersecurity and investigations practice at Berkeley Research Group, which is investigating the problem. “They have a lot of old software that was never meant to be part of [IoT] networks. They have old equipment, end-of-life equipment. They are kind of behind and trying to catch up. But they don’t have the money.”

A Case of Bad Funding

It seems unthinkable that “they don’t have the money,” given what hospitals must clear every year, collectively. But, as Tarbell goes on to explain, it’s a case of improper or poor funding allocation on the part of healthcare organizations. The further problem is that ransomware attacks have tainted many facilities, who are then denied funding by parent organizations, which means less expenditure on updating equipment along with less IT and cybersecurity spending as well.

Tarbell continues by saying “Regulations put on [healthcare facilities] by HIPAA are insane.” He should know, having been a lead investigator into some of the recent cyberattack and hacking cases. He says the only thing that can save hospitals and clinics is lots of money. And, IT services that put business continuity and cybersecurity first and foremost.

Taking Inventory

Taking a comprehensive inventory of existing equipment is a needed first step for healthcare facilities. Tarbell relates that he still sees a lot of Windows 2003 and XP boxes online. Those platforms are no longer supported by Microsoft, so issues will fall into a black hole and not see the light of day for healthcare organizations running outmoded operating systems.

Taking end-of-life machines offline is the next step, then. Not taking them offline until new machines that run on updated operating systems is like handing out invitations to black-hat hackers. And, after that? Hospitals need to explore getting real-time software backups and vulnerability scanning, as well as storing data backups off-site.

IT Experts for Healthcare IoT Optimization

Hospitals and other healthcare facilities’ IT departments can’t get to that state of security optimization all on their own. They need outsourced IT (.a.k.a. vCIO) to help pull them into cybersecurity optimization, compliance, and IoT safety. If your organization needs advice on IoT network optimization, a specialist can help you at eSOZO Computer and Network Services, which is a proven leader in providing IT consulting and managed IT services in New Jersey. A managed service provider can help by completing a security assessment of at-risk businesses. This will help define your immediate needs vs. the not-as-urgent needs. Contact one of our helpful IT experts at (888) 376-9648 or send us an email at info@esozo.com today, and we can help you with any of your questions or needs.

Author: Aaron White, Date: 8th November 2016