Confidential information should be protected by multiple layers of security. A hacker ought to be detected when they have breached the top layer. If there are four of five layers of protection, for example, and each layer takes a hacker several days to penetrate, then the system can defend itself for long enough to work out how to get the hacker out of the network.
Heyday for hackers
Hackers are waiting for April 8th of next year – the fated day when Microsoft’s Windows XP is retired. Once the company puts the software out to pasture, patches or updates will no longer be provided, meaning that anyone using XP after this date will make their computers vulnerable to those with malicious intent.
Windows XP is used by hospitals and health centres around the country. When the hospital computers no longer receive security updates they’ll be a veritable honey pot for hackers. People won’t be dying on the operating table, because of a breach, as actual patient care machines either stand completely apart from the network, or a data fail would not prevent doctors from performing their work. However, the biggest risk is the leakage of information outside of the patient care system.
60 percent of hospitals prepared
Hospital districts have started a large scale upgrading operation due to the problem. Tens of thousands of computers will be upgraded to a newer version of Windows by next spring.
In Southern Karelia, for example, 1500 computers require overhaul. Some of the machines have come to the end of their lifespan and will have to be replaced entirely, while others merely need a new operating system. The latter takes around an hour per machine to install.
Yle asked the hospital districts how much success they are likely to have in updating all their machines in time. Around 60 percent said it would happen, while the rest indicated that upgrades would not be ready in time. Even though the update schedule should be set for early April, many will need time until later in the year.
"It’s not a problem"
Southern Karelian hospital information officer Toni Suihko claims that hacker attacks do not pose a problem in the health care field.
“I have not heard of anyone trying to attack – let alone successfully – health care information systems. It appears that either hackers don’t have the will to do so, or that the security is so good that they’ve been unsuccessful,” Suihko says.
Data security firm Stonesoft’s senior security expert, Otto Airamo, is of a different mind.
“It’s certain that if a hospital’s systems are still, as of next spring, running Windows XP, then the machine is not running security updates and this is a real problem,” says Airamo.
"We’re not saying”
Yle also asked non-health care industry players if they were using XP. The list included the Defence Forces, postal service Itella, emergency centres, the police, power network manager Fingrid, service stations and shop chains.
The most common answer was that these issues were not discussed with the media. On this basis it is difficult to establish whether or not the potential hacker’s field day on April 8 is a concern to services or trade, for example.
The Transport Authority responded that the retirement of Windows XP and subsequent security ramifications would not stop the trains. Fingrid said it will keep the power network up and running, and the issue is not a problem for Teboil and Itella, both of which have detailed plans to upgrade their systems in time.
