The healthcare industry is in a difficult position. Despite the utility that connected devices present to medical providers, the Bluekeep vulnerability makes it seem as though connected devices aren’t a wise solution for many to use… and there’s nobody these organizations can blame but themselves.
What is BlueKeep?
BlueKeep is a malware strain that was first discovered in May 2019, and was patched in short order to prevent it from becoming another situation like EternalBlue. EternalBlue was the exploit that allowed WannaCry to have such a considerable impact, especially on healthcare providers in the UK. Despite this precedent, however, many hospitals neglected to apply the necessary patches--and that isn’t even the worst part.
The worst part is that the three systems that BlueKeep impacts (Windows 7, Windows Server 2008, and Windows Server 2008 R2) share one thing in common: they have all passed their end-of-life date, and therefore no longer receive security updates.
This makes this situation a two-fold disaster. Not only have patches been released to mitigate BlueKeep, the systems affected by BlueKeep should not be in use anyways.
Of course, it only gets worse, and paints an unfortunate portrait of medical IT. A reported 22 percent of BlueKeep-vulnerable devices are yet unpatched. Worse, 45 percent of connected medical devices remain vulnerable, making things like x-rays, anesthesia machines, and other care-driven technology a risk to use.
Are you concerned about your organization’s technology?
Lean on the IT experts at Dresner Group for assistance. We can help any organization ensure that their technology won’t put their operations or their patrons in harm’s way. Learn more about what we can do by calling us at (410) 531-6727.
Comments