If there is any industry that connected devices are undeniably useful in, it would have to be the medical field. Unfortunately, recent news would suggest that connected devices should be avoided as the BlueKeep vulnerability is still able to attack medical systems… for an unfortunate reason. Find out more by reading on.
Discovered in May of 2019, BlueKeep was patched to try and prevent the malware from emulating EternalBlue, which was the exploit that enabled the infamous WannaCry cyberattacks which, among other terrible effects, took several hospitals out of commission in the United Kingdom.
Now, with precedent established as to how important it is to keep solutions patched and up-to-date, you’d think that hospitals would move fast to implement it. Unfortunately, this isn’t the case.
Worse, BlueKeep impacts Windows 7, along with Windows Server 2008 and Windows Server 2008 (R2). You may recognize these systems, because they all have recently passed their end-of-life date and are therefore no longer protected against cyberattack.
So, what does this mean? Simple:
Not only was BlueKeep resolved via a patch, the impacted systems should no longer be in use in the first place.
Reports have also indicated that an entire 22 percent of devices vulnerable to BlueKeep have not added the patch, and that almost half (45 percent) of connected medical devices are still vulnerable. These connected medical devices include things like x-ray machines, anesthesia machines, and other components critical to care.
In summation, the state of medical IT looks grim.
We can help.
TVG Consulting is here to offer our assistance to healthcare organizations–and any other organization in a similar predicament–that need to improve their IT so that their patients are safe. For assistance with your IT (even if it only supplements your internal team) give us a call at (818)284-4118.