It sucks when viruses clog your PC, slow it to a crawl, and generally make your life miserable. But what if it put your life in danger? With medical facilities all around the United States running outdated software that can’t install new security patches, that very well may become the case.
According to the Technology Review, 664 medical machines at Beth Israel Deaconess Medical Center in Boston ran outdated operating systems that it could not upgrad despite that many older Windows operating systems are huge targets for malware.
The main issue is that the manufacturers of medical equipment don’t often allow the hospitals to upgrade their operating systems or patch security holes, said Kevin Fu, a researcher and associate professor at the University of Massachusetts, Amherst, at an industry conference last week. The fear here is that if the hole is patched, or the software somehow changes, that the device will no longer be FDA complaint. If it isn’t FDA complaint, a hospital can’t use it. But the huge downfall is that without these security updates and the latest operating systems, malware is literally slowing down the machines that doctors and nurses are using to save lives.
Botnets, or strings of computers that can be controlled to launch mass attacks or otherwise work in unison for the hacker’s profit, are a particular problem for hospitals.
Indeed, Fu says its “not unusual” for these machines to not perform properly, the hospitals relying on a “fallback model,” otherwise known as someone watching over the patient. Malware hinders the devices to a point where they can no longer record data.
As the Technology Review points out, hospitals don’t have to report security issues unless someone has actually been hurt as a result of the device’s malfunction. In 2009, the FDA also encouraged hospitals to work it out with the manufacturers themselves.