EMRs Under Attack: Legacy Software Ranks as No. 1 Cybersecurity “Bad Practice”


EMRs now account for nearly 10 percent of cyberattacks, with legacy software offering some of the easiest entry points. With the price tag for a healthcare data breach reaching an all-time high, decommissioning aging, out-of-production applications to secure patient, employee and business records is more important than ever before.

Legacy Software Ranks No. 1 Cybersecurity Bad Practice

Fighting cybercriminal activity in healthcare is a nonstop battle, with attackers constantly upping their tactics and varying their targets. Even more than before, cyber criminals target EMR systems in an effort to siphon as much data as possible, cause operational damage, and push for ransom payments. Hacking incidents on EMR systems soared from zero in the first half of 2020 to nearly 8 percent of all breaches in the first half of 2022, according to a recent report.

Smaller hospitals, physician groups and specialty clinics are rising to the top of those affected by hacking or IT incident breaches, as they may have fewer resources to protect themselves. With the price tag for a healthcare data breach at an all-time high of $10.1 million, according to an IBM Security report, looking at your EMR environment for weak links is a smart move for organizations of every size.

Legacy Software and Hardware are the Weak Links in Healthcare Security

Cyberattacks are not only grabbing headlines but also causing major turbulence in healthcare, forcing the cancellation of surgeries, radiology exams and other services because systems, software and/or networks have been attacked and disabled by cyber criminals. The cost to the breached organization is high in terms of economic loss and reputation repair. Protecting healthcare organizations takes many steps, starting with understanding not only everywhere that electronic protected health information (ePHI) resides but also the security vulnerabilities associated with legacy systems across the enterprise.

Lisa J. Pino, Director, Office for Civil Rights, U.S. Department of Health and Human Services explains:

“All too often, we see that risk analyses only cover the electronic health record. I cannot underscore enough the importance of enterprise-wide risk analysis. Risk management strategies need to be comprehensive in scope. You should fully understand where all electronic protected health information (ePHI) exists across your organization – from software, to connected devices, legacy systems, and elsewhere across your network.”

Legacy/Unsupported Software Ranks No. 1 as a “Bad Practice”

According to the Cybersecurity and Infrastructure Security Agency (CISA), the number one Bad Practice that increases risk to critical infrastructure including public health and safety is the use of unsupported (or end-of-life) software.

Multiple silos of data stored in outdated systems offer some of the easiest entry points for hackers. Legacy software kept running in read-only mode can be vulnerable to corruption, breakdown, cyberattack or even internal threats. Minimizing open doors and windows in your organization by decommissioning legacy software to defend against cybercrime is a smart and necessary step in your organization’s long-range security plan.

Healthcare Providers Must Strengthen Their Cyber Posture

While there are best practices for health data management, many organizations are too cash- and/or resource-strapped to implement everything on their wish lists. The 2021 State of Cybersecurity Report: The COVID-19 Evolution research from HIMSS found that 73% of respondents believed their organization needed to increase spending on cybersecurity, but only 40% felt their organizations had the financial means to make the necessary investments. While healthcare spending on cybersecurity may be difficult to increase, there are recommended action steps to better protect patient, employee, and business records.

An Important To-Do: Decommission Aging, Out-of-Production Applications

When decommissioning legacy systems and determining how to address legacy data to reduce the risk factor to your ePHI, there are a few things to ask any future archiving partner.

The data extraction and migration experts at Harmony Healthcare IT have helped healthcare delivery organizations decommission legacy systems, and safely consolidate patient, employee and business records since 2006. Extracting, migrating and retaining legacy records from over 500 different clinical, financial and administrative software brands, Harmony Healthcare IT secures discrete data and images for the long haul on its cloud-based platform, HealthData Archiver®.

Stepping Up Defensive Moves to Protect ePHI

Need help protecting legacy records in this hostile, hacker-centric environment? Harmony Healthcare IT has been consistently ranked as the #1 data extraction, migration, and archival healthcare IT company according to Black Book Market Research for three years (2019-2021) as well as ranked #1 in the 2020 Best in KLAS Software & Services Report as a Category Leader in Data Archiving.

For more information about securing legacy healthcare data and deflecting cyberattacks, check out this white paper: Security Focus Creating a Legacy Data Management Plan.

Better yet, reach out to connect.

Oct 04 2022
