Outdated Software Still Run in 83% of U.S. Healthcare Systems

GE Healthcare’s Patient Monitors are Vulnerable, warned DHS

According to a study released on Tuesday, a significant portion of Internet-connected imaging devices in hospitals run outdated operating systems. The company found that 83% of these devices run on outdated software that cannot be updated even if the software contains known vulnerabilities that hackers can exploit. This number has increased significantly compared to 2018, which is in line with Microsoft’s end of support for Windows 7 earlier this year. Many computers run even older operating systems, including Windows XP, and Microsoft dropped support for Windows XP in 2014. Imaging equipment includes X-rays, MRI, mammograms and CAT scans, all of which require computers to provide support and control.

Security experts say keeping the operating system updated is one of the most important steps to keep hackers away from the device. However, when updates stop being released, hackers don’t stop looking for exploitable vulnerabilities. When a hacker eventually finds a vulnerability that can destroy an outdated operating system, manufacturers sometimes still provide updates, but there is no guarantee that they will.

Hackers may have multiple motivations to target equipment in hospitals. Among them, imaging and other medical equipment, such as infusion pumps and patient monitoring systems, may be vulnerable to ransomware attacks. Hackers locked the system and required payment to regain control. They can also use the computing power of hospital computers to mine cryptocurrencies, an attack known as “crypto hijacking.” This may cause the device to overheat or malfunction.

The study surveyed a total of 1.2 million Internet-connected devices in hospitals and other businesses, which is a small fraction of 4.8 billion Internet-connected devices. The study did not mention specific brands of imaging equipment. Researchers say hospitals may have difficulty updating their imaging equipment because they cannot buy it directly from software makers like Microsoft. Instead, they must rely on vendors who sell equipment to third parties to provide patches, a process that needs improvement.

LIFARS Gap Assessment Solution is designed to ascertain your comprehensive information security, risk and compliance status (current). Not only we determine your current state along with your risk appetite and tolerance, but we also provide you with an actionable roadmap to reach target maturity level including strategy, structure, governance, and operations management plan. Leveraging our extensive knowledge and experience, our competent Assessors and Project Managers focus on the following to deliver optimal services for you:

  • Identify key business processes and associated information flow to ensure adequate threat modeling.
  • Identify and engage key stakeholders to ensure adequate information discovery.
  • Adhere to industry best practices and standards such as ISO, NIST, COBIT, and CIS.
  • Provide Assessment Workbook prior to onsite and remote observations and interviews to maximize productivity.
  • Optimally engage stakeholders for interviews and observations to minimize time impact.
  • Provide Roadmap, Strategy and Operations Management plan aligned with your risk appetite and tolerance.
  • Present findings to key stakeholders including executives to influence cultural changes.



Contact LIFARS Immediately For

Your Cybersecurity Mitigation Plan