As of January 14, Microsoft discontinued support for its Windows 7 operating system; technical support, software updates, and security updates will no longer be provided, an issue that leaves machines still running Windows 7, including connected medical devices, at increased risk of cyberattack.
To help prepare for the transition, Cynerio is offering hospitals a complementary risk assessment until February 14. The assessment will provide hospitals with a comprehensive inventory of their healthcare IoT ecosystems, and a detailed analysis of unsupported operating systems running on specific devices. Cynerio will identify and flag vulnerabilities on the network, evaluate device criticality to workflow and care delivery, and determine which devices and departments are most at risk.
Vendors like Siemens, Roche, Philips, and GE have relied on Windows operating systems for years and today, nearly 50% of all medical devices running on Windows use Windows 7, according to Cynerio; currently, more than 20% of all device models in the global medical ecosystem run on the now-unsupported operating system. This includes a significant portion of imaging devices, placing radiology departments at even higher risk.
“No device is risk free, especially network-connected devices. Medical devices are the weakest link: They are not designed with security in mind, have extensive lifecycles, and often cannot afford any downtime,” says Leon Lerman, Cynerio’s CEO and co-founder. “Cybersecurity is an ever-changing landscape, and today’s Windows 7 end-of-life only adds to the inherent weaknesses of hospital networks. If a device responsible for critical care is vulnerable, patients are at risk. It’s more important now than ever for hospitals to know their risk and to take educated measures to secure their networks and patients.”
Photo © Tom Voelz, courtesy Dreamstime.com (ID 169328375)