In the medical sector, unpatched and legacy systems are the weakest link

Nov 09, 2020

The FBI, CISA, and HHS have given grim warnings about 2020’s steadily-accelerating rise in cyber attacks on hospitals. According to recent research from Check Point, healthcare has been the most targeted industry by ransomware attacks since Q3 of 2020, and that ransomware attacks on the healthcare sector increased by 71% in the United States. Check Point also shared that in APAC and EMEA, ransomware attacks on hospitals also increased over the last month by 33% and 36% respectively. One interesting detail from this study we hadn’t seen noted before was to be extra careful on weekends and holidays, as most targeted attacks took place during that timeframe.


How do we prepare a life-critical sector like healthcare for this rise in attacks? In a 2019 panel for Vizient Inc. titled ‘Medical Device Cybersecurity in Healthcare: Managing Threats and Costs’, the Director of Clinical Information Security at the Mayo Clinic Kevin MacDonald said that if a device’s operating system is “current and can be updated … it has been shown to take some 80% of your cyber security risk off the table.” Unfortunately, it seems that right now many healthcare centers are unable to immediately phase out legacy systems. In this case, when a legacy system is essential to operation, there are two options: locking down devices with a trust list or deploying network-based virtual patch technology. Use of a trust list with software such as Safe Lock prevents malware from functioning by enforcing a list of which programs can run, while virtual patching creates a shield around legacy systems or unpatched devices to close up vulnerabilities.


Keeping backups of all hospital records and systems, while important for a variety of reasons, is no longer the guarantee it once was. Much of modern ransomware has been developed into extortionware, which steals a copy of sensitive data, such as electronic health records, before encrypting the original. If ransom targets won’t pay up, threat actors will punish them by releasing the stolen data on the internet. Attackers are always looking for ways to raise the stakes and push stakeholders into paying up fast, so it’s more important than ever to stop attacks from happening instead of simply being able to recover from them.

  • Be extra careful on weekends and holidays.
  • Use lockdown technology to limit execution of applications to a trust list, protecting fixed-use legacy systems.
  • Use virtual patching to block or detect in detail malicious or abnormal behavior on your network, “patching” up holes in the defenses of your unpatched or legacy devices.


To implement lockdown technology for fixed-use systems, learn more about Safe Lock.

To deploy virtual patching, learn more about EdgeIPSEdgeIPS Pro, or EdgeFire.

TXOne image
TXOne Networks

Need assistance?

TXOne’s global teams are here to help!

Find support