Legacy software in healthcare puts patient safety and HIPAA compliance at risk. New vulnerabilities are discovered regularly, leaving medical devices and systems open to cyber attacks. Hospitals must prioritize patching to minimize disruptions to care. Patch management cycles should consider the severity of flaws and whether vulnerabilities have active exploits. Anomalies such as government alerts must be handled outside of regular schedules, and compensating controls may be used for unpatchable systems. It is crucial to prioritize patient safety and coordinate with clinicians to ensure continuity of care when making security decisions.

The NCSC wants developers to get serious on software security
The NCSC’s new Software Security Code of Practice has been praised by cyber professionals as a significant advancement in enhancing software supply chain security.