Conficker worm hits hospital devices
Posted on 04/29/2009 8:03:10 PM PDT by Gomez
A computer worm that has alarmed security experts around the world has crawled into hundreds of medical devices at dozens of hospitals in the United States and other countries, according to technologists monitoring the threat.
The worm, known as "Conficker," has not harmed any patients, they say, but it poses a potential threat to hospital operations.
"A few weeks ago, we discovered medical devices, MRI machines, infected with Conficker," said Marcus Sachs, director of the Internet Storm Center, an early warning system for Internet threats that is operated by the SANS Institute.
(Excerpt) Read more at mercurynews.com ...
So medical devices connected to the network run Windows, eh? Now what could possibly go wrong?
WHAT ARE THEY THINKING?
National health care will be an absolute nightmare.
Many may not know that they’re making patient beds with IP addresses now, which are connected to the network, which could potentially be hacked. Not only are the beds connected, but the drip bag machines are also connected. Hmmmmmm.......sounds like someone could hack into the hospital, find a certain patient’s bed and drip bag, and cause all kinds of havoc.
The Tech stations usually are, but the devices themselves mostly not. GE Centricity workstations tend to be Windows 2000 Pro. Fujitsu/Siemens also tend to use Windows for the Tech workstations. Everything else tends to be some Unix variant.
Win 2k Pro can be patched to cover this...why wasn’t it? I’m using a 2k Pro box right now and it was patched 3 days after the patch was released. Hey, gotta let the other fools find out which ones are totally broken, right?
If it is GE, then GE support controls the Admin access, unless the PACs Admin was able to wrestle that away from them. So those Tech workstations don’t get updated. Plus they are not (typically) connected, nor should they be, to the Internet. I really don’t know why or how they got the bot. Sounds like the Network Admining going on at these Hospitals and Radiology Centers is really incompetent. The Radiology network should be separate from the general network. Granted there could be loss of control at the Image Viewing workstations that the Radiology doctors view the X-Rays on. I mean, Heaven forbid you take a doc’s Internet access away.
But those workstations would be (hopefully) regularly updated and running anti-virus and other anti-spyware software.
The only equipment that would be on a network that had Internet access, would be doctor offices that have one or two pieces of equipment, thus not validating having separate networks or the back end server having access and thus creating outside access to the equipment. Also putting the devices on the network is only a recent thing to digitize the images for secured web viewing. If we are talking bigger operations like Radiology Centers then the MRI and other equipment Tech workstations would be communicating with the back end Imaging Server. That server would have access to the Internet as it is communicating with the web server so that the Imaging Viewing software can be viewed externally.
This is one of the problems with doing the now standard practice of getting a second outside Radiologist’s opinion, which means giving them access to the internal network (usually via VPN). That means workstations that are not under the control of the office’s IT people.
If that home workstation that the Radiologist is doing his/her readings from is not properly patched then the bot or virus could be transmitted via the VPN onto the back end servers, then spread further out in the internal network.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.