In today’s interconnected environment, protecting healthcare IT systems against malware attacks seems to be an uphill task for infosec professionals. The recent spate of ransomware attacks (e.g., WannaCry) has made many infosec teams to be more aware of cybersecurity issues associated with the Internet of Things (IoT). But some IT experts see some obstacles preventing CIOs and CISOs from actually addressing these security issues. For starters, the equipment itself is unfixable. Todays medical devices tend to be older because of the cost and time involved in upgrading, the experts say. Some of this equipment cannot be patched and will have known and published security flaws.Next, the CIO or CISO may not have the budget or policies to replace the unfixable items or even have a process that would embed cybersecurity issues into the device procurement RFPs, said Sara Jost, global healthcare lead at cybersecurity firm BlackBerry. There is also the issue that their own staff may be unable to employ best practices that can safeguard the organisation from all the new cybersecurity issues that are coming to light.

Source: Click here