When Hospitals Need Bandaids

Infection Prevention:

Hospitals are vulnerable to cybercrime. Ostra is the solution.

 

For the past two days, IT teams in hospitals across the country have gathered in command centers to secure older devices from a security vulnerability. This came at the urging of the Microsoft Security Response Center, which discovered the “zero day” threat on Tuesday.

When vulnerabilities are detected in newer operating systems, patches are applied through Microsoft’s automatic updates. But in many cases, hospital equipment runs on older versions of Microsoft Windows operating systems that are no longer supported with new patches. And while the obvious answer may be to update those systems, often it is a difficult problem for hospitals to keep current with technology. Sometimes continuously updating equipment is highly risky or cost prohibitive. In other instances, the long approval and installation process of medical equipment and implantable devices results in implementation of technology that is already old “out of the box.”

The net result leaves hospitals vulnerable to threats such as the one that surfaced this week targeting an older operating system feature called RDP (remote desktop protocol). According to Microsoft, this threat is highly likely to be incorporated in malware in the near future. Like its very damaging predecessor “WannaCry,” malware exploiting this vulnerability will be particularly dangerous because it won’t require access to the computer it is infecting.

While many hospitals handle vulnerability countermeasures as a part of the normal security workload, the margin for error is thin. It only takes one affected computer in a network for a “wormable” infection to spread. Ostra’s cybersecurity solution can prevent outside threats from getting in, and can provide configuration support to isolate older devices to further reduce risk. While it maybe strategically impossible to eliminate older devices from a hospital setting, Ostra can make sure older devices in hospitals don’t become the cyber equivalent of Typhoid Mary.