Win XP, Flash, Java… healthcare makes easy pickings for hackers
Study shows some medical folk are still running an OS not supported since 2014
The healthcare industry is a long way behind the financial sector in basic security practices, according to a study by two-factor authentication firm Duo Security.
Duo found that healthcare devices were significantly more out of date and less secure than ones from finance, after comparing its healthcare customers’ devices to its finance customers’ equipment.
Healthcare has a four times greater density of Windows XP computers compared to finance. Windows XP has been unsupported by Microsoft since 2014 and unsupported OSes do not receive any software patches or updates, making them an easy target for attackers.
The risk is far from theoretical. For example, earlier this year Melbourne Health’s networks were infected with malware after an attack compromised the Royal Melbourne Hospital’s pathology department, which was running Windows XP.
The Qbot malware linked to the infection is capable of stealing passwords and logging keystrokes.
A significant minority (three per cent) of Duo’s installed base is stuck on Windows XP, which compares to one per cent of users across Duo’s entire client base. Across that customer base, finance has 50 per cent more instances of computers running on the Windows 10 operating system than healthcare.
Finance has more instances of computers running on Windows 7 (74 per cent) than healthcare (66 per cent). Staying with older versions of Microsoft’s OS can have security downsides, even if the operating system is still supported.
With more than 500 known vulnerabilities affecting Windows 7, there are many ways for an attacker to easily exploit flaws on the outdated OS to gain unauthorised access to a healthcare organisation’s computing environment, Duo warns.