US is fighting COVID-19 with 83% of healthcare systems running on outdated software

According to a recent report by Palo Alto Networks, summarized and analyzed by Atlas VPN, the US is combating COVID-19 while having 83% of their healthcare systems run on outdated software. The US is taking serious measures to prevent coronavirus from spreading: Trump banned all incoming flights from Europe, Ireland, and the UK. And, while US prevention methods seem in check, the security of their healthcare systems surely is not.

Palo Alto networks checked 1.2 million Internet of Things (IoT) devices in thousands of healthcare organizations in the United States. As the report shows, 83% of devices in the US healthcare run on outdated software, with 56% of devices operating on Windows 7. The research also revealed that 27% of medical devices are still operating on Windows XP or decommissioned versions of Linux OS.

As of January 14, 2020, Microsoft stopped supporting Windows 7. Even if you do not upgrade to Windows 10, your device will continue operating normally. But, you will no longer receive essential security updates or bug fixes, meaning your device becomes vulnerable to various security threats.

In their support section, Microsoft strongly encourages updating to Windows 10. It has been two months since the company announced the news. Yet, over half of the medical devices in the US are still using Windows 7, leaving multiple security vulnerabilities to be exploited by hackers.

The number of security breaches in the US healthcare system has been growing steadily over the past three years. Back in 2017, there were 5.1M of registered stolen medical records, and the number has been increasing ever since. In 2018, the number of compromised records reached 14M. Until 2019, the number increased by 65%, leaving 40M of Americans having their health records compromised.

Devices monitoring coronavirus patients are in 26% risk of getting hacked

Over 40% of executives in the healthcare field say they are planning to improve their cybersecurity measures in 2020. For the time being, many digital medical tools are in a critical state. As well, engineers responsible for maintaining medical tools often do not receive proper training or resources to ensure best safety practices are being followed.

As of today, 16% of imaging systems are at a 51% risk of getting hacked. Also, there is a 26% chance that 14% of patient monitoring tools will get attacked. Although the numbers may not seem as big, it is extremely concerning. Considering every COVID-19 patient is being monitored in hospitals.

Hackers perform HHS cyberattack to slow down the US health agency's system

Cybercriminals have been using the situation to their advantage since the beginning of coronavirus-spread. For instance, by creating fake coronavirus maps, they were able to trick people into downloading malware onto their devices. It was only a matter of time before hackers began to take a step further. Start exploiting the vulnerabilities lying in the US healthcare system.

Hackers are always looking for new ways to exploit system-wide vulnerabilities, and this time is no different. At a time when everyone's minds are occupied by a coronavirus, organizations should be taking extreme measures to prevent such attacks from happening. Rachel Welch, Chief Operating Officer of Atlas VPN, shares her insights on the situation:

“Due to the COVID-19 outbreak, hospitals are using patient monitoring devices more than ever. Research shows that 1 in 4 such devices have security issues. Based on these numbers, Atlas VPN estimates that cybercriminals will be focusing on the healthcare sector in 2020.”

Last Sunday, March 15, The US Health and Human Services Department experienced a cyber attack on their computer. While the federal government is investigating the incident, it is suspected that a foreign actor performed the attack intending to slow the computer down.

Right before the HHS attack, the National Security Council tweeted warning about "fake" text messages. Which suggest that Trump will order a two-week mandatory quarantine. It is believed the fake text may be related to the incident.


John C.

John C.


Tags: VPN