Legacy software in healthcare puts patient safety and HIPAA compliance at risk. New vulnerabilities are discovered regularly, leaving medical devices and systems open to cyber attacks. Hospitals must prioritize patching to minimize disruptions to care. Patch management cycles should consider the severity of flaws and whether vulnerabilities have active exploits. Anomalies like government alerts must be responded to outside of regular schedules, and compensating controls may be used for unpatchable systems. It is crucial to prioritize patient safety and coordinate with clinicians to ensure continuity of care when making security decisions.
How can regulators prevent cyberattacks like Change Healthcare? : Shots
The US healthcare system remains vulnerable to cyberattacks, with a cautionary tale being the ransomware attack on payments manager Change Healthcare in February 2021. Consequently,