
The price of peace of mind and patient safety

by Sean Ruck, Contributing Editor | October 02, 2018
Health IT
From the October 2018 issue of HealthCare Business News magazine


But the problem was that they put a bandage on something that potentially had a deeper wound. As those protocols were added, the possibility that they could hide but not necessarily fix other flaws increased. That means the industry had to continue playing catch-up to keep legacy devices safe and adhere to the appropriate level of performance to head off vulnerabilities, even as the revenue stream for those devices slowed.

That information led to the question that probably causes sleepless nights for hospital administrators – at what point does it become more financially responsible to buy new technology instead of patching legacy equipment?

Although it could be argued that the WannaCry attack that wreaked havoc in U.K. hospitals last year had the potential to physically harm patients by blocking access to medical records and causing the rescheduling of non-critical medical operations, the harm wasn’t direct. While some experts have warned that it’s possible we could see hacks to pacemakers or other devices that would cause direct harm to people, so far it’s been ransomware attacks and theft of patient information, both of which seem to be aimed directly at profit.

Regardless of the rationale behind the attacks, the potential financial impact for a compromised hospital or healthcare system is enormous. Consider the cost of a few days’ downtime on one of your heavily-used pieces of imaging equipment. Now multiply that by however many different modalities you have in use every day and consider that financial impact. That’s not even taking into account the hit to your organization’s reputation. That’s why McNeil urges people to understand where their vulnerabilities are. “So the very first task is that you take an inventory of the equipment and see where you have systems that are still being supported, because you need to know where your exposure is in that particular environment,” he said.

By support, McNeil means you need to know which devices are still being monitored by the OEM or software provider, how often patches are introduced, and what kind of access you have to customer support in case something seems strange. After you’ve done your assessment, he advises you weigh your financial decisions and focus on the higher-risk areas to replace equipment if possible. “Now, for those that can’t be replaced, we need to understand what other isolations and hardening of the systems can be done,” he said.

Still, his main advice when using connected technology is to go with what is supported. “The notion of patches will always be attractive because malware will continue to evolve,” he said.
