“Legacy applications pose serious cyber security risks to hospitals” warns BridgeHead Software

A new White Paper entitled: ‘Legacy Applications: A Healthcare Cyber Security Nightmare’ has been co-authored by clinical and cyber security consultancy AbedGraham and healthcare data management specialist BridgeHead Software. The document explores the far-reaching implications that vulnerable legacy applications have for healthcare organisations regarding cyber attacks.

With the devastating effect of the WannaCry attacks of 2017, and the increase of cyber crime specifically targeting the healthcare industry, the White Paper delves into the clinical, operational, financial and governance risks posed by providers that continue to run and maintain legacy systems, while also offering a solution as to how those risks can be mitigated.

Dr Saif Abed, medical doctor, healthcare cyber warfare expert and co-author of the White Paper, informed Risk Xtra: “Healthcare is the new frontier of cyber crime and cyber warfare. Attackers are looking for any way they can to compromise systems and networks at scale even if that means threatening patient care. Legacy applications, in particular, are often riddled with vulnerabilities ready to be exploited by everyone from petty opportunists to major organised crime groups.”

In its 2019 ‘Top of Mind’ Survey, The Centre for Connected Medicine polled IT executives across 38 health systems, concluding that cyber security continues to be the biggest concern across the industry.

Gareth Griffiths (CTO at BridgeHead Software and co-author of the White Paper) agrees with these findings, commenting: “Cyber security continues to be top priority for hospitals around the world. As we saw from the WannaCry outbreak, cyber attacks can have devastating effects for providers. It’s not just limited to the challenges associated with quickly and efficiently recovering systems and data, which is a given. It’s also the disruption to hospital operations and critical patient services that create a domino effect. From discharge and referral delays through to the cancellation of elective surgical procedures, the redistribution and transfer of patients to alternative providers, the list goes on and on. These effects can have a direct bearing on a hospital’s finances, regulatory compliance, legal position and reputation.”

Continuing this theme, Griffiths urged: “That being so, why not eliminate or, at the very least, mitigate these risks by reducing the threat? Decommission legacy applications and remove the security loopholes that cyber criminals are increasingly drawn towards.”

*Download the White Paper

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts