Hospitals At Risk Due To Outdated Operating Systems

The risks associated with older operating systems that are no longer supported by security updates has been highlighted in a new report.

The IoT report, from Unit 42 at Palo Alto Networks, has warned that the healthcare sector “is in critical shape” due to the fact they are using network-connected medical equipment such as X-RAY machines, that often run end-of-life operating systems with known vulnerabilities.

These outdated operating systems include Windows XP (released in 2001), Windows Vista (released in 2006), and Windows 7 (released in 2009).

Old operating systems

Microsoft ended its official support for XP back in April 2014, and it also canned support for Windows 7 in January this year.

The fact that hospitals are still running X-RAY and MRI machines, as well as CAT scanners, using these old unsupported operating systems makes them vulnerable to exploitation.

Indeed, Unit 42 found that more than four out of five medical imaging devices it reviewed were running on unsupported operating systems.

Indeed, it examined 1.2 million internet-connected devices in hospitals and other businesses and found that 83 percent of these network-connected devices run outdated software.

Hospitals are not the only organisations at risk of out of date software.

In 2017 for example Greater Manchester Police was found to be still using Windows XP, despite Microsoft ceasing support for the venerable operating system back in 2014.

Hack risk

But the research prompted a warning from security experts about the dangers posed by unsupported machines.

“If these machines are hooked up to unsupported and out-of-date operating systems, they are in a seriously dangerous position – effectively playing Russian roulette with their cyber security,” explained Jake Moore, cybersecurity specialist at ESET.

“These machines are could be extremely vulnerable to new threats and will be a direct target for cybercriminals,” said Moore. “If 83 percent of these devices are running outdated software, they have clearly not learnt from the WannaCry fiasco in 2017, and are leaving themselves open to new attacks.”

“However, organisations that still use Windows 7 may be paying for extended support, which may not be clear at first,” said Moore. “All I can suggest is that they have a scheduled plan in place for when they decide to move over to more up-to-date systems to better protect themselves from future threats.”

In July 2019, researchers at Imperial College London warned that the NHS remains vulnerable to cyber-threats such as WannaCry, and called on it to take “urgent steps” to improve cyber security.

Do you know all about security? Try our quiz!