Medical Devices infected by WannaCry Ransomware in US hospitals

According to Forbes, the dreaded WannaCry ransomware has infected medical devices in at least two hospitals in the United States.

WannaCry infected 200,000 computers across 150 countries in a matter of hours last week, it took advantage of a tool named “Eternal Blue”, originally created by the NSA, which exploited a vulnerability present inside the earlier versions of Microsoft Windows. This tool was soon stolen by a hacking group named “Shadow Brokers” which leaked it to the world in April 2017.

Now security experts report the WannaCry ransomware has infected also medical devices as reported by Thomas Fox-Brewster on Forbes.

The journalist published an image of an infected medical device, likely a Bayer Medrad radiology equipment that is used to inject contrast agents inside the human body to aid in MRI scans.

“A source in the healthcare industry passed Forbes an image of an infected Bayer Medrad device in a U.S. hospital. The source did not say which specific hospital was affected, nor could they confirm what Bayer model was hacked. But it appears to be radiology equipment designed to help improve imaging.” states Forbes.”More specifically, it’s a device used for monitoring what’s known in the industry as a “power injector,” which helps deliver a “contrast agent” to a patient. Such agents consist of chemicals that improve the quality of magnetic resonance imaging (MRI) scans.”

The medical device was infected by the WannaCry ransomware because it was running on a version of the Windows Embedded operating system and supporting the SMBv1 protocol.

The name of the hospital where the device was infected was not reported to Forbes, Bayer confirmed it had received two reports from customers in the US.

According to a Bayern spokesperson, the affected hospitals faced limited problems.

“Operations at both sites were restored within 24 hours,” said the spokesperson. “If a hospital’s network is compromised, this may affect Bayer’s Windows-based devices connected to that network.”

Bayer plans to send out a Microsoft patch for its Windows-based devices “soon.”

According to Forbes, a source with the Health Information Trust Alliance (HITRUST) confirmed that WannaCry ransomware also infected and locked down Windows-based medical devices belonging to Siemens.

Siemens admitted that Healthineers products are vulnerable to WannaCry.

“Siemens Healthineers recognizes that some of its customers may be facing impacts from the recent major cyber-attack known as “WannaCry”.” reads the advisory published by Siemens. “Select Siemens Healthineers products may be affected by the Microsoft vulnerability being exploited by the WannaCry ransomware. The exploitability of any such vulnerability depends on the actual configuration and deployment environment of each product.”

Ransomware is a serious threat for the healthcare industry, this specific category of malware could infect systems at hospitals preventing the personnel from using any medical equipment and making ordinary operations (i.e. managing patient data or medical treatment schedules).

WannaCry affected 40 hospitals in the UK. let’s hope operators in the healthcare industry will understand the importance of cyber security for the industry.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – WannaCry ransomware, healthcare)

[adrotate banner=”5″]

[adrotate banner=”13″]