Healthcare News & Insights

Hospitals at risk from new Microsoft software vulnerabilities: How to respond

Alerted by the National Security Agency (NSA) about critical security weaknesses in its Windows 10 operating system, tech giant Microsoft released software fixes to address 49 flaws – and it’s important for hospitals to make the necessary updates to their hardware ASAP, if they haven’t already. 

The Cybersecurity and Infrastructure Security Agency issued an emergency directive strongly recommending that businesses and organizations using Windows 10 install the updates – starting with mission-critical systems, internet-facing systems and networked servers – as soon as possible, according to an article from FierceHealthcare.

That’s because the NSA warned in an advisory that hackers disguised as legitimate entities could potentially break into trusted network connections and attack by delivering executable code. Also, given the escalating tension with Iran, there’s an elevated risk of cyberattacks from abroad.

Concerned about confidential information being compromised, the HHS Office of the Assistant Secretary for Preparedness and Response has urged healthcare organizations to make the Microsoft security patch a high priority.

However, one of the greatest challenges facing hospital and health system IT departments is the time involved in updating hundreds of servers and thousands of connected medical devices. Slowing the process down will be the need to test each medical device separately for the sake of patient safety and ensuring the update doesn’t cause a malfunction.

Double threat

Because of the long lifecycles of medical devices, and to avoid expensive upgrades, many devices critical to patient care still run on the old Windows 7 operating system.

Amplifying the urgency of the patch situation is that Microsoft has stopped providing support and security updates for Windows 7, making some computers and devices even more vulnerable to hacking, malware and ransomware attacks like WannaCry, which infected more than 300,000 machines in 150 countries in 2017.

For a fee, extended support for Windows 7 is available for Microsoft enterprise customers, which could prove too costly, depending on your inventory.

Beefing up cybersecurity

To maintain system integrity, healthcare leaders and IT teams must work together to come up with a migration plan to a supported version of Windows. That includes identifying what devices don’t have the option of being upgraded.

If there are technical and financial obstacles in migrating to Windows 10, it’s time to implement risk control measures, such as using network segmentation for devices using Windows 7 and moving any obsolete servers behind firewalls.

If IT improvements aren’t already a part of your budget, this security snag should serve as motivation to leave room in your budget to upgrade the technology you use in your hospital.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.

Speak Your Mind