An IT Medical Industry Vulnerability You Should Know About

Connected devices are undeniably convenient in the medical industry. Alas, recent news would suggest that connected devices should be avoided as the BlueKeep vulnerability is still able to attack medical systems… for an unfortunate reason. 

BlueKeep Background

Discovered in May of 2019, BlueKeep was patched to prevent the malware from emulating EternalBlue, which was the exploit that enabled the infamous WannaCry cyberattacks which, among other terrible effects, took several hospitals out of commission in the United Kingdom.

Today, with precedent established as to how critical it is to keep solutions patched and up-to-date, you’d think that hospitals would move fast to implement it. Sadly, this isn’t the case. 

Worse, BlueKeep impacts Windows 7, along with Windows Server 2008 and Windows Server 2008 (R2). You may recognize these systems, because they all have recently passed their end-of-life date and are thus no longer protected against cyberattack.

So, what does this mean? Simple:

Not only was BlueKeep resolved via a patch, the impacted systems should no longer be in use in the first place.

Reports have also indicated that an entire 22 percent of devices vulnerable to BlueKeep have not added the patch, and that almost half (45%) of connected medical devices are still vulnerable. These connected medical devices include devices such as x-ray machines, anesthesia machines, and other components critical to care.

In summation, the state of medical IT looks grim.

Macro Systems can help.

Macro Systems is here to offer our assistance to healthcare organizations--and any other organization in a similar predicament--that need to upgrade their IT so that their patients are safe. For assistance with your IT (even if it only supplements your internal team) give us a call at 703-359-9211.