Get a free quote
For More Information: (800) 731-1909
Posted Nov 12th, 2018

Legacy Systems Pose Serious Risks to Healthcare IT Security

Every healthcare organization needs a secure and accessible Health IT infrastructure. As you embrace new digital technologies, including wireless networks, data warehouses, and electronic records, you need to ensure that your infrastructure can run smoothly without having to expose the organization to security threats.

Data breaches often occur when organizations like yours decide to upgrade legacy systems such as operating systems and medical devices without connections to the Internet. Now, hackers are targeting abandoned hardware that wasn’t disposed of properly. They are mining data and accessing private patient records.

Healthcare Data Breaches on the Rise

The healthcare industry is seeing more cybersecurity threats than ever before. With each passing year, they become harder to fight. In the second quarter of 2018, health-related organizations braved 142 data breaches, which compromised nearly 3.15 million patient records. The largest reported data breach in this quarter involved theft. Burglars ransacked an office of the Department of Developmental Services in Sacramento. A total of 582,174 records were affected.

About 99 of the 142 recorded breaches were disclosed by a healthcare provider while 15 were released by a health plan. Other incidents involved business associates and third-party vendors.

In addition, hacking incidents in the industry nearly doubled this quarter. About 44 of the 52 incidents affected 2,065,813 patient records. Seven involved ransomware and malware while 10 of the disclosed incidents involved phishing scams.

According to Co-Founder and Executive Chairman of ERI John Shegerian, the healthcare sector still has an uphill battle to fight if they intend to keep patient records private. In particular, he believes that a lot of organizations aren’t equipped to confront hardware hacking mainly because the technologies that they employ may continue to pose security vulnerabilities even at the end of their life cycles. Since many of the devices they utilize carry sensitive information, healthcare organizations must comply with HIPAA physical and technical safeguards to avoid violations.

Legacy Hardware, a Threat to HIT Infrastructure

Healthcare organizations must start taking hardware hacking seriously as these security issues put you at risk of violating HIPAA regulations. To avoid this mess, you should include the disposal of abandoned hardware in your IT security strategy. You must utilize the right disposal methods to ensure that the data stored in the discarded devices cannot be retrieved by hackers.

As you probably already know, hackers have grown more sophisticated over the years. For such a reason, there’s an urgent need to embrace ePHI and PHI services, Shegerian points out. It’s imperative that healthcare organizations start replacing outdated devices so that they may be destroyed responsibly. Shegerian emphasizes that this process needs to be done domestically or within the country. More importantly, it should include physical data destruction.  

A lot of security issues start from an organization’s failure to acknowledge its vulnerabilities. For instance, they would do band-aid repairs on old hardware instead of upgrading these systems. In doing so, healthcare-related organizations often do more harm than good.

It’s always best to take a proactive approach. You can start by taking a close look at your HIT infrastructure security. Assess your hardware.

Dated hardware often fails to integrate properly with modern systems. They can, therefore, make your organization more vulnerable to cybersecurity threats. If you see certain loopholes, get an upgrade.

In an interview with HIT Infrastructure, Charles Aunger, Managing Director of Technology for Health2047, said that upgrading your Health IT infrastructure can take time. He pointed out that organizations tend to “bite the whole apple” instead of dividing one massive project into several smaller ones that are easier to process. You can take on one project at a time until your entire system is fully upgraded.


Outdated HIT infrastructure systems can cause a lot of damage when left as is. They can prevent end-users from doing their jobs. More importantly, they can compromise patient safety. That means you should never wait for your system to fail. Go and upgrade your HIT infrastructure if it’s vulnerable to security threats.

Remember that getting hardware and software upgrades can be overwhelming, but it doesn’t always have to be that way. You can plan each step and set a realistic timeline so your organization can continue to run smoothly as it transitions.

For more information about securing your legacy systems and data, please contact us. We will be happy to assist you with all IT recycling needs.

Comments are closed