If it is GE, then GE support controls the Admin access, unless the PACs Admin was able to wrestler that away from them. So those Tech workstations don’t get updated. Plus they are not (typically) connected, nor should they, to the Internet. I really don’t know why or how they got the bot. Sounds like the Network Admining going on at these Hospitals and Radiology Centers is really incompetent. The Radiology network should be separate from the general network. Granted there could be lose of control at the Image Viewing workstations that the Radiology doctors view the X-Rays on. I mean, Heaven forbid you take a docs Internet access away.
But those workstations would be (hopefully) regularly updated and running anti-virus and other anti-spyware software.
The only equipment that would be on a network that had Internet access, would be doctor offices that have one or two pieces of equipment, thus not validating having separate networks or the back end server having access and thus creating outside access to the equipment. Also putting the devices on the network is only a recent thing to digitize the images for secured web viewing. If we are talking bigger operations like Radiology Centers than the MRI and other equipment Tech workstations would be communicating with the back end Imaging Server. That server would have access to the Internet as it is communicating with the web server so that the Imaging Viewing software can be viewed externally.
This is one of the problems with doing the now standard practice of getting a second outside Radiologist’s opinion, which means giving them access to the internal network (usually via VPN). That means workstations that are not under the control of the office’s IT people.
If that home workstation that the Radiologists is doing his/her readings from is not properly patched than the bot or virus could be transmitted via the VPN onto the back end servers, than spread further out in the internal network.