Security News #WannaCry hits Medical Devices in US

frogboy

In memoriam 1961-2018
Thread author
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Medical devices at US hospitals have been hit by the now-infamous WannaCry ransomware.

An unnamed source has released an image of an infected Bayer Medrad device, which is a radiology device used for imaging improvement for MRIs.

A Bayer spokesperson confirmed to Forbes that its products at two hospitals were indeed hit by the malware: "Operations at both sites were restored within 24 hours. If a hospital's network is compromised, this may affect Bayer's Windows-based devices connected to that network."

The spokesperson added that the company is preparing a patch for the Windows-based devices.

Some note that the patching process could be onerous. “Medical devices often use operating systems from the Microsoft’s Windows Embedded product line,” explained Craig Young, computer security researcher for the Tripwire Vulnerability and Exposures Research Team, via email. “Unfortunately...security fixes on embedded devices commonly require a complete firmware update from the vendor, which is then manually installed on the device. This can greatly increase patch delays due to the time it takes for vendors to prepare and test a new firmware to ensure that it will not interfere with the intended operation of the medical device.”

Read More. #WannaCry hits Medical Devices in US
 

In2an3_PpG

Level 18
Verified
Top Poster
Content Creator
Well-known
Nov 15, 2016
867
No excuse, the Windows patch (MS17-010), is available from March.
Probably public institutions and hospitals live on another planet!

As stated though the windows embedded devices will be a pain to update. Believe me the company i work for has around 200 windows embedded scan guns. MC9090's, WT41N0's, WT4090's. Mixed operating systems and the only time the os gets updated is when its shipped out for repair. Cannot do it in house. We just do our best at making sure the devices are locked down so anyone that is using it cannot access the web. These devices are also on a separate private network within.

PC's wont be a problem to update but those embedded devices will be. Like you said there is no excuse for any PC not to be updated though.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
In Saudi Arabia, the computer systems on a hospital are outdated too (Windows 2000) but strictly activated the limited user account so any programs that will execute is halted.

However that is not the point, no patches or even reliable security software as I investigated way back before.

-----------

I assume that all hospital should also contain backup software so less inconvenience for establishing the OS however isn't.

The I.T department must know the basic points of security implementations.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top