DOTmed Home MRI Oncology Ultrasound Molecular Imaging X-Ray Cardiology Health IT Business Affairs
News Home Parts & Service Operating Room CT Women's Health Proton Therapy Endoscopy HTMs Mobile Imaging
Current Location:
> This Story

starstarstarstarstar (1)
Log in or Register to rate this News Story
Forward Printable StoryPrint Comment


Cyber Security Homepage

Cybersecurity bill for medical devices proposed to US House of Representatives Public-private partnership to create protection framework

RefleXion Medical selects MedCrypt to secure its new radiotherapy technology Updated FDA guidelines put cybersecurity at forefront

Georgia Biomedical Instrumentation Society held its third annual conference and expo Organization takes aim at cybersecurity, device integration and much more

Abbott updates cybersecurity features for 465,000 pacemakers Follows criticism from U.S. health regulators

Homeland Security warns that Philips DoseWise Portal has security vulnerabilities New update mitigates the risk of hacking

Three methods for combating 3-D printer cyberattacks CT scanners and Raman spectroscopy used to examine 3-D printed objects for cyberattacks

IAMERS partners with AAMI to enhance best practices New quality management systems will take aim at cybersecurity

$115 million settlement of Anthem data breach lawsuit Funds will include credit monitoring for impacted individuals

Solutions for mitigating health care investigation complexities and risks Shifting from reactive to proactive to reduce breaches

IT Matters - The need to mitigate data breaches and cyberattacks Five tips to balance great interoperability against the great risks that come with it

Hacking vulnerability in Siemens PET/CT scanners

by Thomas Dworetzky , Contributing Reporter
Some Siemens PET/CT scanners are vulnerable to hacking, both the company and the Department of Homeland Security's Industrial Control System Computer Emergency Response Team (ICS-CERT) have advised.

“Exploits that target these vulnerabilities are publicly available,” the ICS-CERT advisory noted, adding that, “an attacker with low skill would be able to exploit these vulnerabilities.”

Story Continues Below Advertisement

The (#1 Resource) for Medical Imaging and Peripherals. Call 1-949-273-8000

As a Master Distributor for major brands Barco, Philips, and Sony, we offer custom imaging solutions. With our renowned OEM Solutions and Service/Repair Center, Ampronix is a one-stop shop for HD Medical LCD Displays--Printers--Recorders--4K Cameras

Four vulnerabilities have been identified, linked to the fact that the products run Windows 7.

The company stated that it is readying updates to fix these soft spots, which can be “exploited remotely.”

The products involved included all Windows 7-based versions of Siemens PET/CT Systems, SPECT/CT Systems, and SPECT Systems, and Siemens SPECT Workplaces/

According to Siemens, among the vulnerabilities is one whereby a remote attacker could execute arbitrary code by sending specially crafted HTTP requests to the Microsoft web server of affected devices.

This allows code injection onto other devices.

The other three bugs are in the HP Client Automation Service software that manages software in the various systems. This permits the attacker to override access controls and change permissions, giving access to other “privileged” parts of the system.

Siemens Healthineers advises that the molecular imaging products be run on a dedicated network segment in a protected IT environment.

If this cannot be done, then the company advised running devices in standalone mode.

In addition it recommended that users “reconnect the product only after the provided patch or remediation is installed on the system.”

It noted that it is much faster to patch systems that are Remote Update Handling (RUH) enabled by remote software distribution, compared to onsite visits, and advised customers to contact the Customer Care Center to clarify the situation concerning patch availability and remaining risk in the local customer network. This may allow them to reconnect the devices to get the updates.

This vulnerability is just the latest in an ongoing drumbeat of cybersecurity issues that are a growing challenge in the health care industry.

Cyber Security Homepage

You Must Be Logged In To Post A Comment

Increase Your
Brand Awareness
Auctions + Private Sales
Get The
Best Price
Buy Equipment/Parts
Find The
Lowest Price
Daily News
Read The
Latest News
Browse All
DOTmed Users
Ethics on DOTmed
View Our
Ethics Program
Gold Parts Vendor Program
Receive PH
Gold Service Dealer Program
Receive RFP/PS
Healthcare Providers
See all
HCP Tools
A Job
Parts Hunter +EasyPay
Get Parts
Recently Certified
View Recently
Certified Users
Recently Rated
View Recently
Certified Users
Rental Central
Rent Equipment
For Less
Sell Equipment/Parts
Get The
Most Money
Service Technicians Forum
Find Help
And Advice
Simple RFP
Get Equipment
Virtual Trade Show
Find Service
For Equipment
Access and use of this site is subject to the terms and conditions of our LEGAL NOTICE & PRIVACY NOTICE
Property of and Proprietary to, Inc. Copyright ©2001-2017, Inc.