In memoriam 1961-2018
Medical devices at US hospitals have been hit by the now-infamous WannaCry ransomware.

An unnamed source has released an image of an infected Bayer Medrad device, which is a radiology device used for imaging improvement for MRIs.

A Bayer spokesperson confirmed to Forbes that its products at two hospitals were indeed hit by the malware: "Operations at both sites were restored within 24 hours. If a hospital's network is compromised, this may affect Bayer's Windows-based devices connected to that network."

The spokesperson added that the company is preparing a patch for the Windows-based devices.

Some note that the patching process could be onerous. “Medical devices often use operating systems from the Microsoft’s Windows Embedded product line,” explained Craig Young, computer security researcher for the Tripwire Vulnerability and Exposures Research Team, via email. “ fixes on embedded devices commonly require a complete firmware update from the vendor, which is then manually installed on the device. This can greatly increase patch delays due to the time it takes for vendors to prepare and test a new firmware to ensure that it will not interfere with the intended operation of the medical device.”

Read More. #WannaCry hits Medical Devices in US


Level 17
Content Creator
No excuse, the Windows patch (MS17-010), is available from March.
Probably public institutions and hospitals live on another planet!
As stated though the windows embedded devices will be a pain to update. Believe me the company i work for has around 200 windows embedded scan guns. MC9090's, WT41N0's, WT4090's. Mixed operating systems and the only time the os gets updated is when its shipped out for repair. Cannot do it in house. We just do our best at making sure the devices are locked down so anyone that is using it cannot access the web. These devices are also on a separate private network within.

PC's wont be a problem to update but those embedded devices will be. Like you said there is no excuse for any PC not to be updated though.


Level 85
In Saudi Arabia, the computer systems on a hospital are outdated too (Windows 2000) but strictly activated the limited user account so any programs that will execute is halted.

However that is not the point, no patches or even reliable security software as I investigated way back before.


I assume that all hospital should also contain backup software so less inconvenience for establishing the OS however isn't.

The I.T department must know the basic points of security implementations.