How legacy operating systems and firmware could endanger patients

By Steve Hunter*
Friday, 15 May, 2020

How legacy operating systems and firmware could endanger patients

The recent increase in demand on the healthcare system as a result of COVID-19 has led to the rapid adoption of digital technologies in an attempt to maintain continuity and productivity.

With 61% of healthcare providers not having effective central systems and processes for patient life cycle management, healthcare organisations will have to consider the interoperability between emerging technologies and legacy systems to ensure a seamless integration.1

As organisations leverage the Internet of Medical Things to ease the COVID-19 strain and improve organisational and patient outcomes, the subsequent increase in connected devices adds to the complexity of networks. Connected healthcare devices such as patient tracking and identification systems, infusion pumps and imaging systems, as well as infrastructure devices like building automation systems, physical security systems, uninterruptible power supplies, backup generators and other operational technology systems, all play a critical role in the continuity of the healthcare system.

While cloud adoption provides an increase in visibility and control of these crucial devices, it equally provides an increased attack surface, with the constant connectivity giving bad actors a gateway to exploit vulnerabilities. Additionally, with many healthcare facilities relying on a combination of cloud and legacy operating systems (OS), risk is further increased as the use of dated equipment provides the opportunity for old vulnerabilities being exploited, as evident from the BlueKeep exploit.

The BlueKeep exploit, which currently threatens countless devices, targets older, unpatched versions of Windows, preying on devices that aren’t updated. However, when attempting to fix the BlueKeep flaw, Microsoft also discovered another vulnerability named DejaBlue, which can affect newer machines and those running Windows 8 or 10. These destructive exploits attack a system’s remote desktop protocol, potentially taking control over the device with full user rights. The attackers could view, add, delete and change data and use this for ransom. Such malicious actors or other ransomware attempts can stall healthcare operations and potentially cause a life-or-death situation for patients.

Medical devices running legacy OS and firmware require costly updates and potentially incur downtime that isn’t acceptable for critical-care systems. And some legacy applications simply won’t work with more recent versions of an OS due to lack of support, compatibility or licensing issues and must be run ‘as is’ using additional controls to provide security.

Medical applications therefore require a combination of contemporary and legacy operating systems, meaning the need for full visibility is more critical than ever. In the second half of 2019 the health sector again reported the highest number of data breaches, accounting for 22% of all data breaches notified to the Office of the Australian Information Commissioner.2

Medical networks must be monitored by proper tools to detect anomalies that could disrupt operations and endanger their patients. Additionally, connected networks and devices must be segmented appropriately to protect access to critical information and services.

By segmenting the organisation’s network, healthcare facilities can reduce their risk in four ways:

  1. Improved security: Network traffic can be isolated to prevent access between network segments.
  2. Better access control: Users are only allowed to access specific network resources.
  3. Better containment: Reduce the impact of a compromise or malware event to a smaller ‘blast radius’.
  4. Identify suspicious behaviour: By logging events, monitoring successful or unsuccessful internal connections, organisations can detect suspicious behaviour and prevent future attacks.

As healthcare facilities adopt new technologies to integrate into their workflows, bad actors are looking for vulnerabilities in the new and old systems, ready to exploit the transition. The stakes are incredibly high; attacks could literally be life-or-death, and malicious actors use this pressure to capitalise on ransomware or other security breaches.

By gaining full visibility into networks and systems, security officers could see suspicious traffic in the system, possibly before it can cause damage. Network segmentation is essential to wall off parts of the network and improve protection from attackers. With clear visibility and network segmentation, healthcare facilities can better understand exposure, detect threats sooner, respond faster and better protect all stakeholders.



*Steve Hunter is Senior Director, System Engineering Asia Pacific & Japan, Forescout.

Image credit: ©

Related Articles

How AV can benefit you and your patients' experience

Technology — particularly AV technology — can play a large role in helping patients...

The role of video telehealth in supporting Australia's COVID-19 vaccine rollout

Video telehealth can play an important role in supporting Australia's vaccine rollout efforts...

Trauma care in 2032

The Jamieson Trauma Institute commissioned a team at QUT to visualise the future of trauma care...

  • All content Copyright © 2021 Westwick-Farrow Pty Ltd