Hospitals Outdated Operating Systems Might Leave Patients Data at Risk!
Your doctor might be using the latest cellphone with a camera that can shoot sharper than your eyes. But what about the devices that are being used for X-rays, CAT scans and MRI machines?
The technology is advancing at an exponential speed, even last season’s devices may seem to feel outdated, the surprising part is that countless hospitals are still using Windows 7 or XP to operate medical procedures.
How credible could it be? This seriously sends chills down my spine as I write and realize how terribly wrong things could go.
The scariest part is that it’s not only the devices that are a point of concern, but the real harm here is also from the hacker’s community. Cybersecurity researchers uncovered that more than 4 out of 5 medical imaging devices were vulnerable to attacks by hackers as they are running on unsupported operating systems.
The research was conducted by Palo Alto Networks, a cybersecurity firm, it revealed that 83% devices ran on outdated services that can’t even be updated even when it contains several loopholes that hackers can easily bypass and exploit.
We conducted independent research, visiting around 18 hospitals and found our results to be similar to that of Palo Aalto Networks. The key problem was that almost all the hospitals we visited had outdated systems and secondly, the doctors and staff who operated them had little or no knowledge about cybersecurity.
The perilousness was only increased highly from 2018 instead of being remedied of, as Microsoft ended its support for Windows 7 and for XP it stopped its upgrades and support in 2014. Keep in mind that there are more devices running on XP than Windows 7.
Head of research at Palo Alto Networks, Ryan Olson said, “Keeping your operating systems updated is one of the most important steps security experts say you can do to keep hackers out of your devices. But when the updates stop coming, bad guys and researchers alike don’t stop looking for flaws to exploit. When someone eventually finds a new way to compromise an outdated operating system, the manufacturer will still sometimes offer an update, but there’s no guarantee that they will.”
While this is the condition of hospitals in the US, it can be imagined what condition third world country hospitals would be in. The hackers could also use these machines to mine cryptocurrency or push ransomware attacks, which has been the case in the past such as Conficker.
While one step to prevent hacking attempts could be the use of VPN services so that at least the data remains encrypted and no unauthorized access is gained to hospitals.
Primarily hospitals are unwilling to spend on technology upgradation because hospital management systems are configured on specific systems only and now they have become outdated. To upgrade their management systems and use more advanced and safer operating systems, hospitals must spend a good amount of money on devices as well as software.
This poses a serious threat to patient records and subsequently their treatments. Medical tests can be modified and the results can be changed, for example in the case of job-related medical examinations. However, the greater risk is that the stolen data can be sold to advertisers, especially to pharmaceutical companies, after all, it is a multibillion-dollar industry.
Olson also added that they are seeing a shift from IoT botnets conducting denial-of-service attacks to more sophisticated attacks targeting patient identities, corporate data, and monetary profit via ransomware, so this threat should be remedied as soon as possible.