HIPAA Blog

[ Thursday, September 15, 2022 ]

 

FBI Warns About Unpatched and Legacy Devices: Virtually all data storage and usage systems have vulnerabilities to hackers; it's just a matter of time and effort before some hacker finds a way to hack in.  Software designers address this by issuing patches whenever vulnerabilities are discovered; however, once a device or system is obsolete (usually when there are a few iterations of replacement versions), the designers stop pushing out patches, and instead encourage users to replace the old systems.  Software-laden medical devices and legacy data systems used by healthcare providers are no different.

Failure to patch or replace means those known vulnerabilities are there, ready for a hacker to exploit.  The FBI recently issued a notice to healthcare facilities and systems to keep up patching and/or replace old systems to avoid risks to the data held by such devices and systems.  In some cases, providers can't afford to replace old, unsupported devices, or replacement devices aren't even available; in those cases, facilities should take other steps to protect the devices or data: disconnecting the devices from the internet, clearing data regularly, resetting the device to original settings (or a current specific update), etc.  


Jeff [8:24 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template