How legacy VB6 systems are endangering healthcare providers
Abto Software
Posted on May 3, 2024
This post is a quick overview of an Abto Software blog article.
In the healthcare landscape, it is becoming common to retain legacy applications, in particular VB6 programs, as these contain information needed to preserve mission-critical functionality:
- In the healthcare segment, patient safety is the foremost priority – software upgrades and migration might disrupt everyday operations
- In modern healthcare dynamics, resources are often very limited, and system upgrades and migration require considerable investment
- Software upgrades can introduce interoperability issues
- System migration might necessitate the replacement of integrated medical devices
With today’s omnipresent digitalization, healthcare software is used to manage sensitive information. Full names, home addresses, health records, insurance information, and other identifiable information are all very valuable resources for criminals.
In this short overview, which duplicates our original blog article, we talk about the most prominent data breaches and how Visual Basic 6 systems present security vulnerabilities.
The biggest data breaches in 2024
In the list below, we show the largest data breaches that healthcare providers and their associates fell victim to in 2024:
- Otolaryngology Associates, LLC – IN, 316802 individuals affected
- Family Health Center – MI, 33240 individuals affected
- Designed Receivable Solutions, Inc. – CA, 129584 individuals affected
- Emergency Medical Services Authority – OK, 611743 individuals affected
- M&D Capital Premier Billing, LLC – NY, 284326 individuals affected
- Pomona Valley Hospital Medical Center – CA, 13345 individuals affected
- Ezras Choilim Health Center, Inc. – NY, 59861 individuals affected
- Valley Oaks Health – IN, 50034 individuals affected
- Weirton Medical Center – WV, 26793 individuals affected
- Eastern Radiologists, Inc – NC, 886746 individuals affected
The biggest data breaches in the last decade
And now, let’s discuss the biggest data breaches in the United States health sector in the last decade:
Tricare
September 2011, 5 million patients affected
Tricare, a healthcare program for active-duty military personnel, suffered a major data breach. The backups of patients' electronic health records were stolen while being transported between facilities.
In the Tricare breach, the following data got potentially compromised:
- Full names
- Home addresses
- Phone numbers
- Health records
- Clinical notes
- Lab tests
- Prescription information
- And social security numbers
Community Health Systems
April-June 2014, 4.5 million patients affected
Suspected cybercriminals, believed to be primarily based in China, deployed sophisticated malware. The cyberattack impacted individuals who had received services at the network’s facilities over approximately the previous five years.
In the Community Health Systems breach, the following data got potentially compromised:
- Full names
- Home addresses
- Phone numbers
- And social security numbers
UCLA
July 2015, 4.5 million patients affected
In 2014, UCLA experienced a significant data breach, but its malicious potential was not confirmed in a timely manner. In 2015, a subsequent security incident was confirmed and resulted in millions of sensitive patient records being compromised.
The compromised data included:
- Full names
- Birth dates
- Medical information
- Medicaid details
- Health plan identification numbers
- And social security numbers
Advocate Health Care
August 2013, 4.03 million patients affected
Advocate Health Care experienced a major data breach, which involved the theft of four personal computers. These computers were utilized to store and manage unencrypted information of millions of patients.
The compromised data included:
- Full names
- Home addresses
- Demographic information
- Clinical information
- Insurance information
- Credit cards with their expiration dates
Maintaining legacy VB6 solutions
Unavailable updates and patches
Since 2008, Microsoft hasn’t provided support, including updates and patches, leaving systems very vulnerable. That means VB6 software is exposed to exploits targeting known security vulnerabilities.
Troublesome integration
Legacy software might need additional adaptations to ensure smooth integration with more modern systems. That might force decision-makers to resort to makeshift adaptations of existing systems to eliminate new vulnerabilities.
Weak encryption and doubtful data storage
VB6 applications typically lack modern encryption standards and implement outdated algorithms. That poses security risks to the sensitive information they manage, which comprises personal details, health records, and other relevant information.
Inadequate logging and monitoring
VB6 applications can’t provide comprehensive logging and monitoring, which complicates security practices. That makes it difficult to detect and mitigate security incidents, including credential stuffing attacks, unauthorized access, and more.
Replacing legacy VB6 systems
User authentication and authorization
Modern technologies provide various mechanisms that enable secure authentication and authorization. These range from two-factor and multi-factor authentication to more complex mechanisms.
Data encryption
What’s more, advanced technologies, in particular the modern .NET framework, also enable secure encryption. This means data transferred from system to system is protected from several different threats.
Secure coding practices
These platforms also encourage integrating secure coding practices and modern-day design methodologies. These minimize the introduction of numerous security vulnerabilities – SQL injection, cross-site scripting, buffer overflows, and others.
Role-based access control
Newer technologies support role-based access control to define and enforce better tailored access policies. This way, they eliminate privilege escalation, compliance violations, and other security issues.
How we can help
Abto Software helps business leaders successfully replace legacy applications by handling VB6 migration. Our engineers cover everything from discovery to investigation, planning, conversion, and maintenance.
VB6 to .NET migration, VB6 to C# migration, application re-engineering and re-architecting, data migration – we cover it all.