Siemens to update medical scanner software amid Homeland Security warning machines could be hacked

  •  DHS says a 'low skill' attacker could compromise the machines
  • Windows 7 software on the machines is vulnerable to attack 

German industrial group Siemens expects to update software in some of its medical scanners by the end of the month to deal with vulnerabilities that could, in theory, allow some of this equipment to be hacked, a company spokesman said on Monday.

Last week, the U.S. Department of Homeland Security issued a security notice warning that 'an attacker with a low skill would be able to exploit these vulnerabilities' using known weaknesses that exist in older Windows software.

The Siemens spokesman said no evidence of any attack had been found.

German industrial group Siemens expects to update software in some of its medical scanners by the end of the month to deal with vulnerabilities that could, in theory, allow the kit to be hacked (stock image shown)

German industrial group Siemens expects to update software in some of its medical scanners by the end of the month to deal with vulnerabilities that could, in theory, allow the kit to be hacked (stock image shown)

WHAT'S AFFECTED? 

PET scanners help to reveal how tissues and organs are functioning by using a radioactive drug to trace activity. 

They can reveal or assess cancer, heart disease and brain disorders.

Initially, the Munich-based company advised hospital and other medical customers to disconnect the scanners until a update was released.

But the company spokesman said on Monday that after further review, it no longer believed disconnecting the scanners was necessary.

 

Siemens' action provides more evidence of a growing focus on preventing cyber attacks on medical equipment, which for years ranked low on the list of potential hacking targets.

The vulnerabilities identified by Siemens were in its PET (positron emission tomography) scanners that run on Microsoft Windows 7, which could be exploited remotely.

PET scanners help to reveal how tissues and organs are functioning by using a radioactive drug to trace activity. 

They can reveal or assess cancer, heart disease and brain disorders.

Initially, the Munich-based company advised hospital and other medical customers to disconnect the scanners until a update was released.

But the company spokesman said on Monday that after further review, it no longer believed disconnecting the scanners was necessary.

Siemens has assigned a security severity rating of 9.8 out of 10, using the open industry standard CVSS (Common Vulnerability Scoring System) risk assessment system, according to the U.S. security notice.

'Based on the existing controls of the devices and use conditions, we believe the vulnerabilities do not result in any elevated patient risk,' Siemens said. 

'To date, there have been no reports of exploitation of the identified vulnerabilities on any system installation worldwide.'

Large imaging machines such as PET scanners are typically not directly connected to the Internet but are connected to clinical IT systems, which can be infected, for example, by an email attachment sent to a different part of the system.

'It's pretty serious,' UK-based independent computer security analyst Graham Cluley said. 

'It does seem that these vulnerabilities can be exploited remotely and rather trivially.'

He said hospitals in general were badly protected against hacking, partly because of underfunding and partly because some older medical machines are not compatible with the latest versions of software operating systems.

The vulnerabilities identified by Siemens were in its PET (positron emission tomography) scanners that run on Microsoft Windows 7, which could be exploited remotely.

The vulnerabilities identified by Siemens were in its PET (positron emission tomography) scanners that run on Microsoft Windows 7, which could be exploited remotely.

The global WannaCry cyber attack in May highlighted the vulnerability of medical systems when it caused major disruption to X-ray machines and other computer equipment in Britain's National Health Service, forcing hospitals to turn away patients.

Earlier this year, Abbott Laboratories moved to protect patients with its St. Jude heart implants against possible cyber attacks, releasing a software patch that the firm said would reduce the 'extremely low' chance of them being hacked.

Siemens plans a public listing for its healthcare unit, Healthineers, next year. 

The IPO is expected to value the business at up to 40 billion euros ($47 billion).

THE WANNACRY ATTACK

What is ransomware? 

Ransomware is a type of malicious software that criminals use to attack computer systems.

Hackers often demand the victim to pay ransom money to access their files or remove harmful programs.

The aggressive attacks dupe users into clicking on a fake link – whether it's in an email or on a fake website, causing an infection to corrupt the computer.

In some instances, adverts for pornographic website will repeatedly appear on your screen, while in others, a pop-up will state that a piece of your data will be destroyed if you don't pay.

In the case of the NHS attack, the ransomware used was called Wanna Decryptor or 'WannaCry' Virus. 

 

 

What was the WannaCry virus?

The WannaCry virus targets Microsoft's widely used Windows operating system.

The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.

It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.

When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.

It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.

How to protect yourself from ransomware 

Thankfully, there are ways to avoid ransomware attacks, and Norton Antivirus has compiled a list of prevention methods:

1. Use reputable antivirus software and a firewall

2. Back up your computer often

3. Set up a popup blocker

4. Be cautious about clicking links inside emails or on suspicious websites

5. If you do receive a ransom note, disconnect from the Internet

6. Alert authorities

The comments below have not been moderated.

The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.

We are no longer accepting comments on this article.