After the WannaCry outbreak heard ‘round the world, Siemens is working to bolster the security of its medical products.
Practical TIP: If your healthcare practice is using Siemens products, review the notes and advisories below to ensure your devices aren’t left vulnerable to attack.
Siemens Background
Headquartered in Munich, Germany, Siemens specializes in products and devices used in medical imaging; its products are used globally across the healthcare sector.
Siemens Updates
The well-documented WannaCry ransomware attack leveraged a vulnerability in Microsoft’s Server Message Block (SMB) protocol. Siemens noted that this might affect some of its products and has provided the updates below:
- This bulletin provides an overview and list of Siemens Healthineers products that can be patched with the Microsoft SMBv1 updates.
- This security advisory highlights select Laboratory Diagnostics products affected by the SMBv1 vulnerabilities.
  - Siemens notes solutions have been developed for the affected products listed, which are available via customer support.
- This security advisory from Siemens details certain Molecular Imaging products affected by vulnerabilities in Microsoft Windows 7 and HP Client Automation.
  - The advisory lists the vulnerabilities and provides recommended solutions.
  - For more information on these vulnerabilities in the Molecular Imaging products, review the report from ICS-CERT.
Siemens is preparing updates for the affected products and recommends protecting network access to the Molecular Imaging products with appropriate mechanisms.
Siemens Advice
Run the devices in a dedicated network segment and protected IT environment.
If this is not possible, Siemens recommends the following:
- If patient safety and treatment are not at risk, disconnect the product from the network and use it in standalone mode.
- Reconnect the product only after the provided patch or remediation is installed on the system.
- Siemens can patch systems capable of Remote Update Handling (RUH) much faster through remote software distribution than through onsite visits.
- Users of RUH-capable equipment are advised to first clarify patch availability and the remaining risk in the local customer network with the Siemens Customer Care Center, and then reconnect the systems to receive patches as quickly as possible via RUH.
- This ensures smooth and fast receipt of updates and therefore supports reestablishment of system operations.