Wednesday, October 24, 2018

Security in Legacy Healthcare Devices

The potential for security vulnerabilities exists in medical and dental devices just as it exists in anything that uses digital data, but especially if it is connected to the Internet.  We recently updated our network and in order to assure the safety of the PC that runs our 3D imaging system, we disconnected it from the Internet.  Why?  Quite simply it was because the manufacturer still has that machine running Windows XP.  If you don’t know this yet, let me let you in on a little secret, Microsoft stopped issuing security updates on that OS years ago.  That means that the only way we could protect ourselves was to make sure that machine couldn’t be touched from the outside.
I’m always doing research on technology and recently security has become a bigger and bigger problem for all of us.  It is even worse when we are forced to use legacy systems that were put in place *way* before the current security threats existed.  When I contacted my 3D provider I was told that newer systems ran on Windows 10.  Of course that would mean buying a completely new system which seems silly when the one I have is working perfectly.
I came across an article lately from HealthTech Magazine that goes over some of the problems we face with legacy systems.  The article itself is a good one by Jen Miller and definitely worth a read.  Here is an excerpt:

Healthcare organizations are facing a mounting security challenge: Not only is patient data a ripe target for hackers, but legacy hardware systems have such holes in their security that ERI called the current situation a “perfect storm.”

According to the report, 3.15 million patient records were compromised in 142 healthcare data breaches in the second quarter of 2018. A full 30 percent of privacy violations involved repeat offenders.

For the full article, you can find it here.  

1 comment: