
If there's a zero day, there's not a lot you can do. NHS got hit so bad because they were running very old Windows versions. A lot of embedded systems have no upgrade paths (MRIs running embedded XP should probably not be on the network at all).

Hospitals need full backup machines and with health care costs already through the roof, that will just add more. Even if you have all your order entry machines set up to not make external Internet connections except to update servers, one bad e-mail getting through and you could be in trouble.



You're gonna need your MRIs on the network cuz they transmit the actual PHI via PACS.

No way the operator is copying a 5GB+ DICOM file to your record in your EMR manually.

You NEED to have the patient name added via modality worklists to reduce errors (i.e. add the pt to the MRI software before the scan, and send the scan to the EMR once it's taken).

The worst thing is, this protocol is old and insecure. They just don't have the IT chops at hospitals to handle this.


Zero days may get the headlines, but attackers are finding a lot of value in leveraging old vulnerabilities. CISA, FBI and NSA have issued several advisories over the last month highlighting an overarching theme of advanced persistent threat groups targeting unpatched vulnerabilities lately.



