Hacking vulnerability in Siemens PET/CT scanners

by Thomas Dworetzky, Contributing Reporter | August 09, 2017
Some Siemens PET/CT scanners are vulnerable to hacking, both the company and the Department of Homeland Security's Industrial Control System Computer Emergency Response Team (ICS-CERT) have advised.

“Exploits that target these vulnerabilities are publicly available,” the ICS-CERT advisory noted, adding that, “an attacker with low skill would be able to exploit these vulnerabilities.”

Four vulnerabilities have been identified, linked to the fact that the products run Windows 7.

The company stated that it is readying updates to fix these soft spots, which can be “exploited remotely.”

The products involved included all Windows 7-based versions of Siemens PET/CT Systems, SPECT/CT Systems, and SPECT Systems, and Siemens SPECT Workplaces/Symbia.net.

According to Siemens, among the vulnerabilities is one whereby a remote attacker could execute arbitrary code by sending specially crafted HTTP requests to the Microsoft web server of affected devices.

This allows code injection onto other devices.

The other three bugs are in the HP Client Automation Service software that manages software in the various systems. These permit an attacker to override access controls and change permissions, giving access to other “privileged” parts of the system.

Siemens Healthineers advises that the molecular imaging products be run on a dedicated network segment in a protected IT environment.

If this cannot be done, then the company advised running devices in standalone mode.

In addition, it recommended that users “reconnect the product only after the provided patch or remediation is installed on the system.”

It noted that it is much faster to patch systems that are Remote Update Handling (RUH) enabled by remote software distribution, compared to onsite visits, and advised customers to contact the Customer Care Center to clarify the situation concerning patch availability and remaining risk in the local customer network. This may allow them to reconnect the devices to get the updates.

This vulnerability is just the latest in an ongoing drumbeat of cybersecurity issues that are a growing challenge in the health care industry.
