Consequently, even if a medical facility protects its network, it remains vulnerable if a laptop connected to an MRI is still running on the older software.
The prohibitive cost of medical equipment often prevents hospitals, surgery centers and medical practices from replacing older machines or other devices that operate on outdated software. In other cases, vendors provide an upgrade only if the facility agrees to spend thousands of dollars on new devices. For example, making imaging equipment compatible with newer versions of Windows requires the latest camera, at a cost of $200,000. More generally, compatibility concerns can prevent some healthcare professionals from updating their equipment.
Assess risks, address vulnerabilities
Regardless of the reasons, medical practices leave themselves open to attacks by hackers when they delay upgrades. Like a slow-growing cancer, malware that infects medical devices operating on older software can remain dormant for a long period before erupting into ransomware demands that debilitate the entire network.
To catch cyber culprits in the early stages—or to prevent them from gaining access in the first place—it is essential to perform a security risk assessment (SRA).
But the SRA is not enough on its own. Medical practices must also back up and encrypt their data, conduct vulnerability scans, develop backup/disaster recovery plans and train employees to spot phishing scams that could lead to malware and ransomware attacks.
The rapid proliferation of medical devices demands active measures to protect patients from harm by hackers. That means practices cannot afford to lag behind in keeping all access doors to health data firmly locked.