Many hospital executives contend with legacy IT systems that are vulnerable to cyberattacks and may violate HIPAA requirements. While technical challenges abound, one approach is to provide detection and response capabilities at the network firewalls through which legacy systems communicate.
Regulatory Obligations to Protect Patient Data on Legacy Systems
HHS and OCR have noted that the HIPAA Security Rule requires covered entities to protect electronic protected health information (ePHI) on IT systems, including legacy systems. However, there are many challenges to implementing cybersecurity programs on these outdated, vulnerable systems. These challenges include: