Bad Practices in Healthcare Infrastructure


Summary
As recent incidents have demonstrated, cyberattacks against critical healthcare infrastructure can have significant impacts on patient care and the private sector. All organizations, and particularly those supporting clinical operations should implement an effective cybersecurity program to protect against cyber threats and manage cyber risk in a manner commensurate with the criticality of those to national public health and safety.
American IT is developing a catalog of Bad Practices that are exceptionally risky, especially in organizations supporting Healthcare Infrastructure. The presence of these Bad Practices in organizations that support Healthcare Infrastructure is exceptionally dangerous and increases risk to our critical healthcare infrastructure, on which we rely for life, health, and safety of the public. Entries in the catalog will be listed here as they are added.
The Catalog :
  • Use of unsupported (or end-of-life) software in service of Healthcare Infrastructure is dangerous and significantly elevates risk to information security and public health and safety. This dangerous practice is especially egregious in internet-accessible technologies (non air-gapped systems).
  • Use of known/fixed/default passwords and credentials in service of Healthcare Infrastructure is dangerous and significantly elevates risk to information security and public health and safety. This dangerous practice is especially egregious in internet-accessible technologies (non air-gapped systems).