An analyst note from the Department of Health & Human Services in the USA reported 68 ransomware incidents on healthcare organisations worldwide for Q3 (July-September) of 2021 alone. That’s almost one a day! The widespread use of legacy devices by the healthcare sector creates an environment that threat actors can use to launch ransomware attacks.

The analyst note also reveals that health and medical clinics are the most frequently attacked followed by healthcare industry services and hospitals, which indicates that size of facility does not influence vulnerability – all healthcare facilities are subject to ransomware risk: the WannaCry ransomware attack in May 2017 affected 81 trusts, 603 primary care centres, and 595 GP practices of the UK’s National Health Service.

Why Ransomware Targets Healthcare

Why do ransomware groups target healthcare? The use of legacy devices is just one of several reasons why threat actors aim their attacks at healthcare facilities. Let us take a closer look at the reasons behind the increase in attacks on healthcare before we dive deeper into protecting legacy devices.

  1. Value of PII – The value of stolen Personally Identifiable Information (PII) on the dark web is the same irrespective of whether it is stolen from a large or small organisation. All healthcare organisations store a great deal of PII, making them high value targets for threat actors
  2. Probability of Payment – Hospitals exist to save lives. A ransomware attack that cripples a hospital’s IT infrastructure could (and has) cost lives. Therefore, hospitals are regarded as more likely to pay the ransom to resume normal operations quickly. Threat actors are so sure that hospitals will pay, they have even demanded additional ransom once a hospital paid the first ransom demand
  3. Limited IT Resources – Hospital IT teams are not cybersecurity specialists and find it difficult to configure complex cybersecurity solutions, resulting in suboptimal configurations that provide an opportunity for threat actors to strike
  4. Legacy Devices – Healthcare facilities often use highly specialised equipment that are controlled by computers provided by the vendor and use software that is specifically written to work with the supplied version of the operating system. The high durability of this equipment results in hospitals relying on operating systems that are no longer supported by the vendor, greatly increasing the probability of a cyberattack

Of these 4 reasons why healthcare organisations fall victim to ransomware, we will focus on the problem presented by legacy devices as they provide the means for a ransomware group to launch an attack against the healthcare facility.

Legacy Devices Open the Doors to Ransomware

All healthcare devices are subject to cyber risk. A 2017 study by the Ponemon Institute reveals that 67% of device makers and 56% of Healthcare Delivery Organisations believe that an attack on medical devices is likely. This problem is compounded when the devices are powered by legacy operating systems.

There are 2 primary reasons why legacy devices pose a ransomware threat:

  1. No Security Updates – The operating systems on many legacy devices have reached end of support i.e., the vendor no longer provides security updates and patches for the operating system. New vulnerabilities are always being discovered in operating systems and threat actors can exploit these vulnerabilities to launch ransomware attacks
  2. Unpatched Devices – Healthcare facilities are often averse to applying security patches that are available because the process of patching causes equipment downtime which limits patient treatment. While this affects both new and legacy devices, the risk presented by legacy devices are greater because they have been around longer and more vulnerabilities have been discovered in them. Unsupported devices may receive patches if the risk is deemed to be severe e.g., Microsoft released an emergency security patch for older, unsupported operating systems in the wake of the WannaCry ransomware, but such legacy devices often remain unpatched, greatly increasing the risk of a ransomware attack. K7 recommends that all security patches should be applied as soon as they become available. The downtime caused by patching is very short compared to the disruption that would be caused by a ransomware attack

K7 Security Protects Legacy Devices

K7 Security provides protection against malware, ransomware, phishing, Trojans, zero-day attacks, and many other cyberthreats for enterprise desktops, laptops, and servers through endpoint security solutions that can be deployed on-premises and through the cloud. These solutions are designed to support a wide range of operating systems with no feature restrictions on older platforms and no additional charges for legacy support.

The supported operating systems are:

  • Microsoft Windows XP (SP2 or later)[32bit], Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
  • Windows Server 2003 (SP1 or later), Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019

More information on features and support is provided in the brochures for K7 On-premises Endpoint Security and K7 Cloud Endpoint Security.

K7 Security always recommends that legacy devices be updated/upgraded, where possible, to use operating systems that receive vendor support as supported devices provide greater security against cyberthreats.

K7 Security Protects Organisations with Limited IT Resources

We have mentioned earlier that healthcare organisations do not have IT teams with cybersecurity specialists which can lead to suboptimal configurations that provide opportunities for attackers. K7 Security’s solutions are designed to be deployed quickly and easily with out-of-the-box configuration that suits most organisations and an intuitive interface that facilitates easy changes to settings if any tweaking is required. Coupled with transparent reports and relevant notifications, K7’s endpoint security solutions ensure that IT teams are placed under no stress and can manage the organisation’s cybersecurity with basic knowledge of IT systems and networks.

K7 Security’s international award-winning enterprise cybersecurity solutions protect healthcare organisations operating in diverse computing environments. Please read our case studies on protecting healthcare organisations (Multi-speciality Hospital Chain, Teaching Hospital & Research Institute, Multi-speciality Hospital and Research Centre), or Contact Us to learn more about how we can help you secure the IT infrastructure in your healthcare facility.


Like what you're reading? Subscribe to our top stories.

2023 K7 Computing. All Rights Reserved.