How legacy VB6 systems are endangering healthcare providers

How legacy VB6 systems are endangering healthcare providers

In the healthcare industry, it is becoming common to maintain legacy applications, in particular VB6 systems, that comprise historical information to preserve mission-critical functionality:

  • In the healthcare sector, patient safety is of utmost importance – application upgrades and migration can disrupt critical operations, so organizations are hesitant about approaching modernization efforts
  • In the healthcare domain, the resources are often quite limited – system upgrades and migration, typically requiring significant investments, are posing a challenge to smaller and medium-sized healthcare providers 
  • Legacy systems are well-integrated into the healthcare infrastructure, and upgrades can introduce interoperability issues 
  • Legacy systems are integral to integrated medical devices that have extended lifecycles, and upgrading existing systems might necessitate their replacement 

In today’s digital world, healthcare systems are housing large amounts of personally identifiable information. These include full names, home addresses, health records, insurance information, and social security numbers – all very valuable resources attracting hackers.

In this short overview, we’ll shed some light on the most impactful data breaches in the healthcare segment and reveal how maintaining Visual Basic 6 systems might cause data leakage.  

The biggest data breaches in 2024

In the table below, you see the largest data breaches healthcare providers and associates fell victim in 2024:

Covered entityIndividuals affectedStateDate
Otolaryngology Associates, LLC316802IN01/04/2024
Family Health Center33240MI24/03/2024
Designed Receivable Solutions, Inc.129584CA23/03/2024
Emergency Medical Services Authority611743OK22/03/2024
M&D Capital Premier Billing, LLC284326NY21/03/2024
Pomona Valley Hospital Medical Center13345CA20/03/2024
Ezras Choilim Health Center, Inc.59861NY19/03/2024
Valley Oaks Health50034IN18/03/2024
Weirton Medical Center26793WV18/03/2024
Eastern Radiologists, Inc886746NC29/02/2024

Original source: The Secretary of HHS, official portal

The biggest data breaches in the last decade

But let’s get down to the most harmful data breaches in the United States health sector over the last decade:


Date: September 2011

Impact: 5 million patients

Tricare, a healthcare program for active-duty military personnel and retirees, has faced a massive data breach. The backups of electronic health records were stolen when transported between facilities.

In the Tricare breach, the following data got potentially compromised:

  • Full names
  • Home addresses
  • Phone numbers
  • Health records
  • Clinical notes
  • Lab tests
  • Prescription information
  • And social security numbers

Community Health Systems

Date: April-June 2014

Impact: 4.5 million patients

The cybercriminals, being suspected to be primarily based in China, have introduced sophisticated malware. The cyberattack affected individuals receiving services at the network’s facilities over about the last five years.

In the Community Health Systems breach, the following data got potentially compromised:

  • Full names
  • Home addresses
  • Phone numbers
  • And social security numbers


Date: July 2015

Impact: 4.5 million patients

UCLA faced a serious data breach in October of 2014, but its malicious potential wasn’t confirmed back then. The later security incident in July of 2015 was confirmed and resulted in millions of sensitive patient records being compromised.

The compromised data included:

  • Full names
  • Birth dates
  • Medical information
  • Medicaid details
  • Health plan identification numbers
  • And social security numbers

Advocate Health Care

Date: August 2013

Impact: 4.03 million patients

Advocate Health Care experienced a major data breach, which involved the theft of four personal computers. These stored unencrypted information of millions of personal patient records.

The compromised data included:

  • Full names
  • Home addresses
  • Demographic information 
  • Clinical information
  • Insurance information
  • Credit cards with their expiration dates
Abto Software’s healthcare expertise
Learn more about our healthcare services

Maintaining legacy healthcare solutions

So, what’s the deal with outdated VB6 programs? 

Unavailable updates and patches

The technology hasn’t received mainline support, meaning updates and patches, from Microsoft since 2008. This leaves business leaders delaying legacy system migration potentially exposed to exploits targeting known security vulnerabilities in the programming language or in associated libraries and components.

Troublesome integration

The technology might require additional adaptations to ensure smooth integration with more modern systems. This means business decision-makers omitting legacy software migration must approach makeshift integration, which makes more room for introducing new vulnerabilities.

Weak encryption and doubtful data storage

Older legacy VB6 applications may not employ modern encryption standards and use deprecated algorithms. This might cause additional security vulnerabilities in terms of how sensitive information – personal details, health records, insurance information, and more – is stored and transmitted. 

Inadequate logging and monitoring

Older legacy VB6 applications often lack comprehensive logging and monitoring to identify security incidents. This introduces new vulnerabilities by preventing the detection and mitigation of credential stuffing attacks, unauthorized access, data breaches, malware, ransomware, and other known threats.

Outdated components

VB6 systems often rely on older operating systems and middleware that might not receive mainline support. This dependency, if legacy data migration is delayed, also contributes to creating security vulnerabilities.

Regulatory non-compliance

VB6 software might lack security measures causing issues with meeting healthcare regulations and standards. This way, neglecting legacy application migration might provoke business interruption, certification loss, reputational and financial damage, and lost customer loyalty.

Replacing legacy healthcare systems

What are the advantages of migrating VB6 programs?

User authentication and authorization

Modern-day technologies come with robust mechanisms to enable secured authentication and authorization. These comprise two-factor and multi-factor authentication, OpenID Connect, Single Sign-ON, and more.

Data encryption

Contemporary technologies, including the .NET framework, support protocols that enable secure encryption. These ensure data transmitted between systems is protected from eavesdropping and tampering.

Secure coding practices

Modern technologies encourage integrating so-called secure coding practices and thorough design patterns. This way, approaching legacy app migration can minimize the introduction of serious security vulnerabilities, which include SQL injections, cross-site scripting, buffer overflows, and others.

Role-based access control

Newer technologies support role-based access control to define and enforce better tailored access policies. This way, embracing legacy application migration can eliminate privilege escalation, compliance violations, insider threats, and other security-related issues.  

Containerized architecture and microservices 

Another benefit healthcare providers can enjoy after migrating – containerized architecture and microservices. Modern technologies allow engineers to isolate application components and minimize cyberattack surfaces, thereby accelerating overall security.

Security monitoring and logging

Ditching already obsolete technology might provide built-in support for robust security monitoring and logging. Newer technologies empower engineers to detect and respond to incidents and conduct analysis post-incident.

VB6 migration by a Microsoft
Gold Certified Partner
Empowering leaders on their
digitization journey since 2007

How we can help

With the domain-specific knowledge and experience in providing application modernization and migration, Abto Software is assisting business leaders moving towards embracing innovation by handling VB6 migration. Our engineers cover everything from discovery to investigation, planning, conversion, and maintenance.

VB6 to .NET migration, VB6 to C# migration, application re-engineering and re-architecting, data migration – we cover it all.

Our services:

  • Business analysis and consulting
  • Project setup and kick-off
  • Code migration
  • Code finalization
  • Acceptance testing and improvement
  • Quality assurance and deployment

Your benefits:

  • Higher performance and efficiency
  • Expanded functionality and scalability
  • Improved security through updates and patches
  • Enhanced compatibility across platforms and devices
  • Long-term support and maintenance
  • Cloud compatibility

Contact us

Tell your idea, request a quote or ask us a question