A new White Paper entitled: ‘Legacy Applications: A Healthcare Cyber Security Nightmare’ has been co-authored by clinical and cyber security consultancy AbedGraham and healthcare data management specialist BridgeHead Software. The document explores the far-reaching implications that vulnerable legacy applications have for healthcare organisations regarding cyber attacks.
With the devastating effect of the WannaCry attacks of 2017, and the increase of cyber crime specifically targeting the healthcare industry, the White Paper delves into the clinical, operational, financial and governance risks posed by providers that continue to run and maintain legacy systems, while also offering a solution as to how those risks can be mitigated.
Dr Saif Abed, medical doctor, healthcare cyber warfare expert and co-author of the White Paper, informed Risk Xtra: “Healthcare is the new frontier of cyber crime and cyber warfare. Attackers are looking for any way they can to compromise systems and networks at scale even if that means threatening patient care. Legacy applications, in particular, are often riddled with vulnerabilities ready to be exploited by everyone from petty opportunists to major organised crime groups.”
In its 2019 ‘Top of Mind’ Survey, The Centre for Connected Medicine polled IT executives across 38 health systems, concluding that cyber security continues to be the biggest concern across the industry.
Gareth Griffiths (CTO at BridgeHead Software and co-author of the White Paper) agrees with these findings, commenting: “Cyber security continues to be top priority for hospitals around the world. As we saw from the WannaCry outbreak, cyber attacks can have devastating effects for providers. It’s not just limited to the challenges associated with quickly and efficiently recovering systems and data, which is a given. It’s also the disruption to hospital operations and critical patient services that create a domino effect. From discharge and referral delays through to the cancellation of elective surgical procedures, the redistribution and transfer of patients to alternative providers, the list goes on and on. These effects can have a direct bearing on a hospital’s finances, regulatory compliance, legal position and reputation.”
Continuing this theme, Griffiths urged: “That being so, why not eliminate or, at the very least, mitigate these risks by reducing the threat? Decommission legacy applications and remove the security loopholes that cyber criminals are increasingly drawn towards.”