Even though Congress passed cybersecurity requirements for medical device manufacturers in 2023, some devices that are beyond their lifespan in terms of updates and support are likely vulnerable to attacks, according to MedTech Dive. Experts believe hospital systems still have plenty of unsupported legacy equipment in use, which may be overlooked because it’s still working well enough in everyday practice. It’s the lack of updates for the devices’ bespoke software that is most concerning because security patches can’t be installed on old devices when new threats are identified. The Food and Drug Administration has noted that operating systems are frequently on a different development trajectory than medical devices, and it’s an impossible task to get the entire healthcare technology ecosystem in sync.
Let’s not forget: The cost of Change Healthcare’s ransomware attack that was first discovered in February of this year has now risen to $2.457 billion, according to UnitedHealth Group’s Q3, 2024 earnings report.