Taiwan based company QNAP is a manufacturer of NAS (network attached storage) devices. Frequently these types of devices at "computer boxes" that function as hard drives or storage drives that are not connected to a computer, but instead are simply plugged into the network and can be accessible by any user. Often times NAS devices are setup and put on a network by IT providers to allow for backups to be run and kept onsite.
While onsite backups are just *one* of the links in your "backup chain" they certainly work well and can be a godsend in case of a loss of data that is not the result of a catastrophic failure in the infrastructure due to some type of physical disaster. Having a NAS that can be accessed quickly over the LAN can allow a practice to be back up and running in minutes.
However, because a NAS also needs to have an operating system to function, the security of that operating system is hugely important and has the potential to lead to an IT disaster. That's not to say that a NAS is any easier to hack or to target than anything else on the network. Every piece on the network needs to be as secure as possible.
I don't have any numbers that indicate the number of QNAP devices in use in healthcare, but when it comes to security, I'd prefer to err on the side of caution, hence the subject of today's post. If you happen to have a QNAP device deployed and in use in your office, it needs to be update immediately.
According too a an article in Ars Technica, there are around 29,000 QNAP devices needing a critical jOS update. Apparently there is a bug in their OS that can allow for Ransomware to be easily installed. A web query indicates that only around 2% of the vulnerable devices have been patched.
No comments:
Post a Comment