After an analysis, researchers discovered a lot of devices being used by healthcare facilities are outdated when it comes to the software that they are operating. Running off of legacy software such as Windows 2000 is dangerous, simply based on the fact it stopped receiving security patches almost nine years ago. The researchers who discovered this problem were able to make their way into the system pretty easily and complete tasks like injecting ransomware and altering information. They even had access to patient records and images. With access to these resources, hackers can obtain services, prescriptions and even government benefits or simply sell the information for upwards of $60 on dark web forums. Cyber criminals have been fans of attempting to take data from healthcare facilities for a long time now and the reason is clear–they hold a lot of data. The researchers described this by saying, “Although there are many articles describing the personal danger of cyber-attacks to patients, the financial damage is far more realistic and is what lies at the heart of cyber-attacks on the healthcare industry.” It will be interesting to see if medical practices change their ways and update their systems after the news of these vulnerabilities.
Since there is no news of an actual attempted hacking of the systems running on Windows 2000, it is hard for patients to do anything about it. Monitoring health insurance accounts and claims is advised for patients who believe their information could be at risk.