A Tale of 2 Health Data Breaches: Persistent Challenges
Protecting Legacy Systems, Email Proves Difficult for Many
… Keeping legacy information systems secure from ransomware attacks, as in the RDH breach, and other intrusions is an ongoing challenge, says Tom Walsh, president of consulting firm tw-Security.
“Retired legacy systems normally have limited access and are no longer considered a critical application,” Walsh says. “Therefore, the tendency sometimes, is to ‘let your guard down,’ especially when it comes to backups, because the data isn’t changing.”
… Because security patches may not be available for legacy systems, IT departments should protect these systems by implementing compensating controls, such as network segmentation, additional firewalls or access control lists on network ports to which legacy systems are connected, Walsh advises.