The medical sector should be the most safeguarded because of the sensitivity of the personal information it handles, yet many devices, especially diagnostic ones, still run old versions of Windows. This is hardly breaking news: the phenomenon has been going on for many years and is slow to decline. It is not hard to walk around a hospital and come across CT scanners and X-ray machines that run on the now defunct Windows XP. Replacing or updating these machines certainly has rather high costs, but what are the risks behind this apparent adequacy?
Diagnostic devices on old versions of Windows
The root of the problem is that the device software needs an operating system to work, and updating that operating system to the latest release is difficult. Many of these medical devices interact with the OS through old drivers and interfaces that could be incompatible with subsequent updates. For example, a driver that works with Windows XP could malfunction widely on Windows 10 or produce altered examination results, compromising the very effectiveness of the diagnostic method.
To avoid this, the software is very often left as it is, and the device is eventually replaced after a predefined time interval. In theory, the Court of Auditors (Corte dei Conti) had already expressed itself in the past, indicating that instruments older than 10 years should be replaced. However, it is equally true that 10 years is centuries in terms of software and hardware, given the speed of technology development. A mammography unit purchased in 2011 was probably developed on Windows XP, which went out of support in 2014. In the meantime, we have seen the release of 3 operating systems: Windows Vista, 7 and 10. Unfortunately, under the indications of the Corte dei Conti, the unit could only be replaced in 2021, creating a 7-year-long window of vulnerability.
Possible risk factors
Many American magazines report the growing IT risks that come from failing to update obsolete operating systems in diagnostic machinery. Alongside this problem, there is the risk of compromising a hospital's entire IT system through bad network configurations. Where replacing or updating these systems is not really possible, they should be protected and isolated as much as possible.
In reality, these systems are integrated into the hospital network for various needs, such as saving time and providing the results of diagnostic investigations to other departments without optical or paper media. Unfortunately, we have seen how the insecurity of the Internet can also cause devastating problems. Some worms may be harmless to newer systems, which can identify them in time and protect us. On older systems, by contrast, they could spread and cause malfunctions if they reached the computers of diagnostic tools, without even considering the risk of losing sensitive data. It's like having a huge archive protected by a wooden door without a lock: who wouldn't be afraid?
The latest data on the diffusion of operating systems
Research conducted in the United States in 2019 found that about 83 percent of medical imaging devices run on operating systems so old that they no longer receive security updates. Unfortunately, for Italy we do not have data showing the current diffusion, but considering that on average between 60 and 70% of the machines are more than 5 years old, the math is quickly done.
We can only rely on the good management of the health system, in the hope that the message about the importance of keeping systems updated will get through more and more.