For the past few years we have heard about some rather horrific security vulnerabilities in hospitals, and sadly this has not changed at all. Indeed, many hospitals are still on older, unsupported OSes such as WinXP, and the malware which was used is old enough that most security software no longer protects against it. In one case a hospital using centralised intrusion detection software, updated endpoint protection, and a new-model firewall was still compromised using very old malware. In most of the cases described by The Register it was personal data and medical records which were compromised, but that doesn't mean the medical appliances and physical security systems are not also vulnerable to attack.
"Attackers have popped three prominent US hospitals, using deliberately ancient malware so old that it slips under the radar of modern security controls to compromise Windows XP boxes and gain network beachheads."
Here is some more Tech News from around the web:
- Never-never chip tech Memristor shuffles closer to death row @ The Register
- Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets' @ Slashdot
- A month to go and Microsoft finally offers a 'no thanks' option for Windows 10 @ The Inquirer
- 5 SSH Hardening Tips @ Linux.com
- Corsair Lapdog – Gaming without a Desk @ [H]ard|OCP
- Play Store malware roots phones, installs an app every two minutes @ The Register
- Reverse Engineering Quadcopter Protocols @ Hack a Day
This is typically caused by hospitals buying medical hardware that only runs on the operating system(s) that exist at the time of production and is incompatible with any other operating system (because making it universal or offering upgrades costs money). You get left with a lot of working hardware running older, vulnerable operating systems.
You’re also hoping that the hospital is actually budgeting for adequate IT support as well.
Not sure whether it's already in act or not.
Why don't these governments regulate this sector? There should be a law that forces any medical equipment manufacturer to support the equipment till EOL (SW & HW). Also, the manufacturer should say in advance the support life of the equipment. It's a bit harsher than normal, but we are talking about thousands of lives.