Healthcare Legacy Systems

What is a Healthcare Legacy System?

A legacy system is a system that is no longer supported by its manufacturer, which puts an end to updates and security patches that organizations rely on for cybersecurity and continuous operation. Legacy systems can include devices, operating systems, applications, or processes. The healthcare industry has a significant legacy system footprint.1 Reasons that healthcare organizations continue to use legacy systems include:

Expense and integration. Due to the expense of replacing an entire system at once, healthcare organizations often buy new systems to integrate with their old systems.

Business continuity. Healthcare organizations may find it difficult to schedule an upgrade to their system, due to the nature of their business. It will also take time to train staff on the new system.

If you are in a healthcare organization that relies on legacy systems, there are still actions that you can take to ensure that your system is secure:

Isolate the legacy. If you have a legacy system that you know is insecure, create a separate network segment for it to help limit the damage if it becomes compromised.2

Assess vulnerabilities. While you may no longer have security updates and patches from the manufacturer, you can still scan for vulnerabilities and implement controls to protect the machine.

Computer hardening. Hardening a system refers to the process of making it as secure as possible. This can be done by removing unnecessary services and applications, closing ports, blocking IP address ranges, and protecting user login credentials.

Inventory. Take an inventory of the data on a legacy system so that you can determine whether it holds sensitive information that should be moved to a more secure location.

Security software. Install security software and firewalls to prevent a cyberattack from spreading.
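One way to check that the isolation and hardening steps above are holding is to audit network flow records against the segment policy. This is an added example, not part of the original article; the segment, the allowed source range, the port list, and the flow records are all constructed assumptions.

```python
import ipaddress

# Assumed values for illustration; replace with your own segment plan.
LEGACY_SEGMENT = ipaddress.ip_network("10.50.0.0/24")      # isolated legacy segment
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.5.0/28")]   # hosts permitted to reach it
ALLOWED_PORTS = {104, 443}   # DICOM and HTTPS; every other port should be closed

# Constructed sample flow records: "source destination destination_port"
SAMPLE_FLOWS = """\
10.20.5.3 10.50.0.10 104
10.20.5.9 10.50.0.10 3389
192.168.7.44 10.50.0.10 443
10.50.0.10 10.50.0.11 445
10.20.5.3 10.30.1.2 22
10.50.0.10 8.8.8.8 53
"""

def audit_flows(text):
    """Return (line, reason) for each flow that breaks the isolation policy."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed records
        src = ipaddress.ip_address(parts[0])
        dst = ipaddress.ip_address(parts[1])
        port = int(parts[2])
        src_legacy, dst_legacy = src in LEGACY_SEGMENT, dst in LEGACY_SEGMENT
        if not src_legacy and not dst_legacy:
            continue  # flow does not touch the legacy segment
        if src_legacy and not dst_legacy:
            findings.append((line, "legacy host initiating outbound traffic"))
        elif dst_legacy and not src_legacy:
            if not any(src in net for net in ALLOWED_SOURCES):
                findings.append((line, "source outside allowed ranges"))
            elif port not in ALLOWED_PORTS:
                findings.append((line, "port not on allowlist"))
        elif port not in ALLOWED_PORTS:  # both endpoints inside the segment
            findings.append((line, "port not on allowlist"))
    return findings

if __name__ == "__main__":
    for flow, reason in audit_flows(SAMPLE_FLOWS):
        print(f"{flow:32} {reason}")
```

Any finding means a firewall rule, an open port, or an unnecessary service on the legacy host needs review.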

Though there may be understandable reasons for using legacy systems in healthcare organizations, and strategies to help keep them safe from cybersecurity threats, at some point you may need to consider their retirement. Some signs that your healthcare organization may be ready for a modernized system include:

  • Frequent crashes. Your applications are running slow, glitching, or crashing often.
  • No vendor support. Many vendors stop providing support for older operating systems when new solutions are available.
  • Device-dependent software. Modern healthcare software systems allow for remote access outside of the office setting.
  • No integration. Your legacy machine cannot be interfaced with other systems.
  • On-premises software hosting. Running clinical applications on your organization’s servers is increasingly expensive and uncommon as more organizations move to cloud hosting.
  • Special skills required. Legacy systems may require that you hire, train, retain, or outsource legacy IT specialists.

1 HIMSS, 2022, “Cybersecurity in Healthcare”

2 rThreat, 2021, “Securing Legacy System in the Healthcare Industry”