Security & Compliance Blog

Avoiding the Zombie (Server) Apocalypse in Healthcare

April McPherson
5 minute read
April McPherson

In the business world, you don’t have to worry about zombies wandering the halls of accounting or hiding in the closets of the legal department. But there’s a good chance you’ll find at least a few of them in IT. I’m not referring to the reanimated dead depicted in popular TV series such as The Walking Dead. I’m talking about zombie servers lurking in your network—eating up energy, storage, processing power, and other resources while doing nothing for the business.


You may think that your IT environment is zombie free, but the stats indicate that a lot of enterprises are infected with zombies and don’t know it. According to a September 13, 2015 Wall Street Journal article, “Zombie Servers: They’re Here and Doing Nothing but Burning Energy,” Stanford University research fellow Jonathan Koomey estimates that there are as many as 10 million “comatose” servers running in enterprises around the world. These servers drive up IT costs by consuming energy and stealing resources from legitimate applications and processes.

As a healthcare industry IT professional, I’m concerned about anything that drives up costs. But the real danger lies in the fact that no one knows the zombies are there, so no one is keeping track of them. And unmonitored servers that don’t have the latest security patches, open the door to bot attacks that can paralyze your network and security breaches that can allow hackers to steal sensitive information, employee data, intellectual property, and other valuable corporate assets.

Healthcare IT organizations have a heightened need to hunt down zombies because these servers put highly sensitive patient information at risk. The expanding use of electronic medical records (EMRs) has made security a top priority for health insurers, hospitals and clinics, physician groups, labs, and other providers. Healthcare organizations are subject to both legislative mandates such as the Health Insurance Portability and Accountability Act (HIPAA) and industry standards such as the Payment Card Industry Data Security Standard (PCI DSS). Failure to comply—especially with HIPAA—can result in substantial financial penalties. Moreover, noncompliance can result in the loss of a stellar reputation that took years to build.

A great first step in the zombie hunt is getting an accurate accounting of every asset attached to your network. I’m not talking about dispatching teams of people with clipboards to search out and manually record relevant details on every piece of equipment. That’s costly and time consuming, and the data collected is usually obsolete even before the counting is complete. Asking asset owners to maintain spreadsheets listing the assets under their jurisdiction isn’t a viable option either. Keeping spreadsheets up to date is cumbersome and prone to error. What’s more, there’s no easy way to consolidate and distill asset data to make it actionable for smart decision making across all IT lines of business.

The best weapon I have come across is an automated discovery and dependency mapping solution called BMC Helix Discovery.  I generally refer to this as BMC ADDM.

What Discovery Tells You

I’ve encountered zombie servers in my own experience and I’ve heard horror stories from peers inside and outside of the healthcare industry. Some of these zombies hid in closets and others lurked under desks. They fed on power and other resources for years without anyone’s knowledge until IT tracked them down with a discovery solution. Such a solution captures important details on the zombies, including where they are located and their interrelationships and dependencies with other infrastructure components.  This valuable information can provide the knowledge you need to make decisions to remove or not.

But just tracking them down is not enough. One IT organization discovered zombie servers and scheduled them for decommissioning. But instead of shutting them down, the decommissioning team members decided to use them for their own purposes. So the servers were still kicking. The problem? A close look at the servers showed they still held executables for licensed software and were probably in violation of software license terms and out of compliance with security standards. An audit could have resulted in severe financial penalties and people losing their jobs. A later scan by the discovery solution revealed the servers and gave IT the information needed to take corrective action.

In addition to hunting zombie servers, automated discovery can help you rid your live servers of unauthorized software that, like a zombie, is hidden from view. A well-architected solution discovers the applications installed on the servers in the environment—authorized and unauthorized. One of my colleagues implemented automated discovery and was shocked to find five instances of Xboxes running on production servers. And I’ve heard through the grapevine that his isn’t the only organization where gaming was going on. Of course, the gamers weren’t trying to do any harm. However, gaming consumes resources and opens up serious security vulnerabilities—just like zombie servers.

The Benefits

I’m a firm believer that investing in an effective infrastructure discovery and dependency mapping tool is money well spent—especially in the healthcare industry. Benefits healthcare as well as other organizations in a variety areas:

  • Security – It’s virtually impossible to ensure data and network security if you don’t know what’s out there. To lock down your network you need know all the entry points. Discovery and dependency mapping gives you that visibility.
  • Inventory – IT resources are expensive, and EMR solutions need lots of them. Discovery and dependency mapping helps you ensure that you’re using what you have wisely and that you’ve eliminated or repurposed idle assets before you ask for more resources.
  • Change management – Insight into dependencies enables IT teams to assess the impact of any planned changes. With this insight they can coordinate and collaborate with other teams to ensure that a change in one area doesn’t create problems for people in other areas. The result is a better work environment.
  • Audits – Whether you’re being audited for HIPAA compliance or undergoing a software true-up, automated discovery and dependency mapping and its associated reporting greatly facilitates the process and drives down audit costs.

Discovery Equals Empowerment

Based on my experience and what I’ve heard from peers across many industries, the majority of IT organizations don’t have clear visibility into their IT environments. Many of them have zombies and unauthorized software hidden in their networks, driving up costs and wreaking havoc on security and compliance. There’s a simple solution. Discovery and dependency mapping. Starting on the path to discovery and dependency mapping sooner rather than later is a must in the healthcare industry to ensure the security of the vast amounts of sensitive data we handle. With discovery and dependency mapping, you gain the visibility you need to track down and eliminate these culprits and bar the door on the entry points into your network.

Dummies Guide to Security Operations

When security and operations teams collaborate closely, they can protect your business more effectively against all kinds of threats. Learn more in the SecOps For Dummies guide.
Download Now ›

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing

About the author

April McPherson

April McPherson

April McPherson is an ITSM professional and Senior Systems Engineer. Along with multiple professional certifications, she graduated Magna Cum Laude from DeVry University with a B.S. in Network and Communications Management. Her accomplishments include successfully administering Remedy On Demand, including a fully functional service request portal and a federated CMDB using BMC products. She lives in Kansas.