After the US National Security Agency (NSA) alerted last month about the critical security weaknesses Microsoft Windows 10 operating system, the tech giant released software fixes and addressed the 49 flaws that were present. This made it necessary for hospitals to update their systems and even the hardware.
In its warning, NSA stated an advisory that disguised as legitimate entities, hackers could potentially break into the trusted network connections and deliver an executable code for the attack. NSA also warned about international attacks as there are tensions escalating with Iran. Post this, the Cybersecurity and Infrastructure Security Agency issued an emergency directive recommending organizations to install mission-critical systems, networked servers, and internet-facing systems on their Windows 10 systems.
Concerned about confidential data being open to cyberatacks, the United States Department of Health & Human Services (HHS) Office of the Assistant Secretary for Preparedness and Response urged the healthcare organizations to consider this security patch of Microsoft as a high priority. But, the greatest challenge that IT departments of hospital and health system face is the time involved in updating not just hundreds of servers but also the thousands of medical devices connected to them. The need for each medical device to be tested separately for patient safety and to ensure that there is no malfunction can slowing the process down.
This long process have not just slowed the updates, but also the necessary upgrades. Due to the long life cycles of medical devices, especially the ones critical to patient care, many still run on Windows 7 OS. Even though Microsoft has stopped providing security and support updates for Windows 7, hospitals continue to use them to avoid expensive upgrades. This makes these computers and devices more vulnerable to hacking, ransomware and malware attacks. Even though, Microsoft provides an extended support for Windows 7, but that comes with a fee and can prove too costly for organizations depending on their inventory.
Maintaining system integrity must become a priority for healthcare IT leaders and teams must work on a migration plan to Windows 10. This might also require implementing risk control measures like using network segmentation for devices on Windows 7 and even moving obsolete servers behind firewalls.