In the wake of the first reports that the WannaCry ransomware attack has also hit some U.S. hospitals, imaging vendors are moving quickly to help affected customers and to address the threat from the ransomware, which appeared worldwide on May 12.
AuntMinnie.com reached out to a sample of large imaging vendors to investigate the effects of the ransomware attack in the U.S., and to hear how the companies were responding to WannaCry, which significantly affected imaging operations at a number of hospitals in the U.K. National Health Service.
While most vendors we contacted did not wish to discuss the specific impact of WannaCry on their radiology equipment, all said they have been working to support their customers and provide a range of security resources to address this threat.
Bayer
Bayer has received reports from two customers in the U.S. with affected devices. Radiology operations at both sites were restored within 24 hours, said spokesperson Catherine Keck Anderson.
If a hospital's network is compromised, Bayer's Windows-based devices connected to that network may be affected, she said. These devices include control room units (Certegra workstation software) for the company's Medrad Stellant CT and MRXperion MR contrast injection systems; Certegra and VirtualCare devices; Intego PET infusion Radiation Dose Management System (RDMS); and Certegra Connect.CT.
Bayer is contacting customers to inform them that a Bayer-certified Microsoft security patch is now available for Windows-based devices, Anderson said.
The company's advisory on WannaCry for customers can be found here.
GE Healthcare
GE Healthcare declined to discuss in detail the impact of WannaCry on its U.S. customers, but the company did say that it is working to support those that have been affected by ransomware.
"GE Healthcare has activated a cross-functional engineering, cybersecurity, services, and technology team to undertake a full review of all products," said spokesperson Benjamin Fox. "Our teams around the world are continuously monitoring the situation to ensure customers and their services teams have access to the most up-to-date information available in a highly dynamic situation."
Philips Healthcare
Philips Healthcare has received a few reports of its products being affected by the ransomware, and it is currently investigating these reports per its incident response protocols, said spokesperson Mario Fante.
"Consistent with Philips Product Security Policy, our global network of product security officers and technical support teams are closely monitoring the situation and continue to take appropriate preventative measures," Fante said. "Philips will continue to drive preventative measures, such as installation of the latest Philips-approved [Microsoft] security patches, and work with our customer base to address this malware event."
Philips highly recommends that all customers -- with and without service contracts -- contact their local service support team or regional product service support to discuss any needed guidance, services, or questions they might have regarding specific product installations, Fante told AuntMinnie.com.
"Philips is committed to ensuring robust product security resources and support for our healthcare customers, and their patients and consumers who rely on them," he said. "We continue to engage with the medical device industry, security research community, and government agencies to monitor the situation, respond accordingly, and meet ongoing healthcare cybersecurity challenges."
The company provided further guidance for its customers in a security advisory on May 15.
Siemens Healthineers
Siemens Healthineers is aware that some customers have been affected by the WannaCry cyberattack, said spokesperson Lance Longwell.
"Whether any such vulnerability can be exploited is dependent on the actual configuration and deployment environment of each product," Longwell said. "We are working alongside our customers to remedy the consequences of this attack."
Siemens has also issued a security bulletin for its imaging and diagnostics products, as well as security advisories with specific remediation information for its Magnetom MRI systems, its Somatom CT scanners, its Multi-Modality Workplace software, and select radiography, mobile x-ray, and mammography products.
Toshiba Medical
Toshiba Medical is not aware of any instances in the U.S. of WannaCry infecting its devices, said Satrajit Misra, vice president of marketing and strategic development for Toshiba Medical Systems.
Misra noted that older devices that are not equipped with Windows 7 or later operating systems may have a higher vulnerability to infection. That vulnerability may be mitigated, however, if the system uses Toshiba's eProtect network device or remote service devices, he said.
Toshiba also provides customers with a number of security offerings, including incorporating white-list antivirus software (McAfee Solidifier) in all current Toshiba Medical image-generating devices and providing software updates from Microsoft and other companies to control security threats, he said. In addition, all current Toshiba Medical imaging systems use Windows 7.
"However, when systems are connected to networks with internet access, the PCs -- including Toshiba Medical products incorporated in them -- can become susceptible to malicious software attacks," Misra told AuntMinnie.com. "Therefore all customers must ensure that adequate security measures have been implemented into their network."
Toshiba's network security policy can be found here.