How legacy VB6 systems are endangering healthcare providers
In the healthcare industry, it is becoming common to maintain legacy applications, in particular VB6 systems, that comprise historical information to preserve mission-critical functionality:
- In the healthcare sector, patient safety is of utmost importance – application upgrades and migration can disrupt critical operations, so organizations are hesitant about approaching modernization efforts
- In the healthcare domain, the resources are often quite limited – system upgrades and migration, typically requiring significant investments, are posing a challenge to smaller and medium-sized healthcare providers
- Legacy systems are well-integrated into the healthcare infrastructure, and upgrades can introduce interoperability issues
- Legacy systems are integral to integrated medical devices that have extended lifecycles, and upgrading existing systems might necessitate their replacement
In today’s digital world, healthcare systems are housing large amounts of personally identifiable information. These include full names, home addresses, health records, insurance information, and social security numbers – all very valuable resources attracting hackers.
In this short overview, we’ll shed some light on the most impactful data breaches in the healthcare segment and reveal how maintaining Visual Basic 6 systems might cause data leakage.
The biggest data breaches in 2024
In the table below, you see the largest data breaches healthcare providers and associates fell victim in 2024:
| Covered entity | Individuals affected | State | Date |
| Otolaryngology Associates, LLC | 316802 | IN | 01/04/2024 |
| Family Health Center | 33240 | MI | 24/03/2024 |
| Designed Receivable Solutions, Inc. | 129584 | CA | 23/03/2024 |
| Emergency Medical Services Authority | 611743 | OK | 22/03/2024 |
| M&D Capital Premier Billing, LLC | 284326 | NY | 21/03/2024 |
| Pomona Valley Hospital Medical Center | 13345 | CA | 20/03/2024 |
| Ezras Choilim Health Center, Inc. | 59861 | NY | 19/03/2024 |
| Valley Oaks Health | 50034 | IN | 18/03/2024 |
| Weirton Medical Center | 26793 | WV | 18/03/2024 |
| Eastern Radiologists, Inc | 886746 | NC | 29/02/2024 |
Original source: The Secretary of HHS, official portal
The biggest data breaches in the last decade
But let’s get down to the most harmful data breaches in the United States health sector over the last decade:
Tricare
Date: September 2011
Impact: 5 million patients
Tricare, a healthcare program for active-duty military personnel and retirees, has faced a massive data breach. The backups of electronic health records were stolen when transported between facilities.
In the Tricare breach, the following data got potentially compromised:
- Full names
- Home addresses
- Phone numbers
- Health records
- Clinical notes
- Lab tests
- Prescription information
- And social security numbers
Community Health Systems
Date: April-June 2014
Impact: 4.5 million patients
The cybercriminals, being suspected to be primarily based in China, have introduced sophisticated malware. The cyberattack affected individuals receiving services at the network’s facilities over about the last five years.
In the Community Health Systems breach, the following data got potentially compromised:
- Full names
- Home addresses
- Phone numbers
- And social security numbers
UCLA
Date: July 2015
Impact: 4.5 million patients
UCLA faced a serious data breach in October of 2014, but its malicious potential wasn’t confirmed back then. The later security incident in July of 2015 was confirmed and resulted in millions of sensitive patient records being compromised.
The compromised data included:
- Full names
- Birth dates
- Medical information
- Medicaid details
- Health plan identification numbers
- And social security numbers
Advocate Health Care
Date: August 2013
Impact: 4.03 million patients
Advocate Health Care experienced a major data breach, which involved the theft of four personal computers. These stored unencrypted information of millions of personal patient records.
The compromised data included:
- Full names
- Home addresses
- Demographic information
- Clinical information
- Insurance information
- Credit cards with their expiration dates
Maintaining legacy healthcare solutions
So, what’s the deal with outdated VB6 programs?
Unavailable updates and patches
The technology hasn’t received mainline support, meaning updates and patches, from Microsoft since 2008. This leaves business leaders delaying legacy system migration potentially exposed to exploits targeting known security vulnerabilities in the programming language or in associated libraries and components.
Troublesome integration
The technology might require additional adaptations to ensure smooth integration with more modern systems. This means business decision-makers omitting legacy software migration must approach makeshift integration, which makes more room for introducing new vulnerabilities.
Weak encryption and doubtful data storage
Older legacy VB6 applications may not employ modern encryption standards and use deprecated algorithms. This might cause additional security vulnerabilities in terms of how sensitive information – personal details, health records, insurance information, and more – is stored and transmitted.
Inadequate logging and monitoring
Older legacy VB6 applications often lack comprehensive logging and monitoring to identify security incidents. This introduces new vulnerabilities by preventing the detection and mitigation of credential stuffing attacks, unauthorized access, data breaches, malware, ransomware, and other known threats.
Outdated components
VB6 systems often rely on older operating systems and middleware that might not receive mainline support. This dependency, if legacy data migration is delayed, also contributes to creating security vulnerabilities.
Regulatory non-compliance
VB6 software might lack security measures causing issues with meeting healthcare regulations and standards. This way, neglecting legacy application migration might provoke business interruption, certification loss, reputational and financial damage, and lost customer loyalty.
Replacing legacy healthcare systems
What are the advantages of migrating VB6 programs?
User authentication and authorization
Modern-day technologies come with robust mechanisms to enable secured authentication and authorization. These comprise two-factor and multi-factor authentication, OpenID Connect, Single Sign-ON, and more.
Data encryption
Contemporary technologies, including the .NET framework, support protocols that enable secure encryption. These ensure data transmitted between systems is protected from eavesdropping and tampering.
Secure coding practices
Modern technologies encourage integrating so-called secure coding practices and thorough design patterns. This way, approaching legacy app migration can minimize the introduction of serious security vulnerabilities, which include SQL injections, cross-site scripting, buffer overflows, and others.
Role-based access control
Newer technologies support role-based access control to define and enforce better tailored access policies. This way, embracing legacy application migration can eliminate privilege escalation, compliance violations, insider threats, and other security-related issues.
Containerized architecture and microservices
Another benefit healthcare providers can enjoy after migrating – containerized architecture and microservices. Modern technologies allow engineers to isolate application components and minimize cyberattack surfaces, thereby accelerating overall security.
Security monitoring and logging
Ditching already obsolete technology might provide built-in support for robust security monitoring and logging. Newer technologies empower engineers to detect and respond to incidents and conduct analysis post-incident.
How we can help
With the domain-specific knowledge and experience in providing application modernization and migration, Abto Software is assisting business leaders moving towards embracing innovation by handling VB6 migration. Our engineers cover everything from discovery to investigation, planning, conversion, and maintenance.
VB6 to .NET migration, VB6 to C# migration, application re-engineering and re-architecting, data migration – we cover it all.
Our services:
- Business analysis and consulting
- Project setup and kick-off
- Code migration
- Code finalization
- Acceptance testing and improvement
- Quality assurance and deployment
Your benefits:
- Higher performance and efficiency
- Expanded functionality and scalability
- Improved security through updates and patches
- Enhanced compatibility across platforms and devices
- Long-term support and maintenance
- Cloud compatibility
