Hospitals are facing a patching conundrum. Like that old T-shirt from college, many orgs—including medical ones—hang on to tech that eventually needs a little mending. Software patches, usually downloaded from a vendor’s site, act as quick code replacements and (hopefully) fixes for discovered vulnerabilities.
Healthcare facilities, however, have a patchwork of devices: laptops, network-connected infusion pumps, sophisticated surgery systems, and other specialized instruments that must be kept both up to date and operating.
But ransomware actors have increasingly targeted hospitals—sometimes through both known and unknown vulnerabilities. Global ransomware attacks against the health sector have increased, according to The Cyber Threat Intelligence Integration Center, from 214 claimed victims in 2022 to 389 in 2023.
Former and current healthcare IT pros spoke with Healthcare Brew about tactics that helped them handle as many patches as possible. In their view, implementing safeguards like network segmentation and tabletop exercises for the holes that go unseen is just as important as having a patch management program.
A rough state. A report from the cybersecurity company Claroty, released in March 2024, found that 23% of the medical devices the firm studied have at least one “known exploited vulnerability,” and 14% are running an unsupported or end-of-life operating system, meaning technology that has a newer version available and often will no longer receive updates.
—BH