GovInfoSecurity November 1, 2021
HHS OCR: If Old Gear Cannot Be Replaced, Take Other Steps to Protect PHI
Federal regulators are reminding healthcare organizations about the critical importance of addressing security risks involving legacy systems and devices – including specialty software and gear – that are often difficult for entities to replace.
Legacy systems’ lack of vendor support makes them particularly vulnerable to cyberattacks, says the Department of Health and Human Services’ Office for Civil Rights in a bulletin issued Friday.
“While many factors may contribute to an organization’s decision to continue to use a legacy system, it is important that the organization include security in its considerations, especially when the legacy system could be used to access, store, create, maintain, receive, or transmit...