The problem of out of date legacy hardware, operating systems and applications across the healthcare industry is endemic. This is especially so at small hospitals and clinics where tiny IT and security staffs and highly constrained budgets, prevent the upgrading of end-of-life and often vulnerable technologies. Aggressive sun-setting of certain operating systems and near constant patching requirements compound the pressure on small IT staffs to support and secure their health IT infrastructure. Poor coordination between HIT vendors and Microsoft causes healthcare applications to break if patched or remain vulnerable if unpatched. This situation introduces risk into the healthcare delivery environment as IT systems continue to operate with unpatched CVEs and unsupported hardware and software.
With limited budgets and no panaceas on the horizon, how can CIOs and CISOs of small or critical access facilities get away from having to support dangerous legacy hardware and software?
This session looks at the complexity of problems and explores options to reduce risk and solve the legacy hardware and OS problem for good.
Richard Staynings, Cyber Associates LLP
Jason Hawley, UCHealth