Siemens plans to update software in some of its medical scanners by the end of the month after discovering vulnerabilities that could allow for the equipment to be hacked, a company spokesman told Reuters.
Here are five things to know.
1. These vulnerabilities could be exploited remotely, allowing the attacker to inject and execute arbitrary code in certain Siemens medical devices — specifically its positron emission tomography scanners running on Windows 7, according to a Department of Homeland Security advisory issued Friday.
2. A "low skill" attacker would be able to take advantage of these vulnerabilities, and exploits targeting the vulnerabilities are already publicly available, according to the DHS Industrial Control Systems-Cyber Emergency Response Team.
3. There has been no evidence of any attacks on the scanners, the Siemens spokesman told Reuters.
4. Siemens originally recommended organizations take precautions such as disconnecting the scanners, reports Reuters. However, after a further review, the company determined disconnecting the devices was not necessary.
5. The company also advised users to run devices in a dedicated network segment and protected IT environment and maintain appropriate system backups and restoration procedures, according to the DHS ICS-CERT alert.
"Based on the existing controls of the devices and use conditions, we believe the vulnerabilities do not result in any elevated patient risk," Siemens told Reuters. "To date, there have been no reports of exploitation of the identified vulnerabilities on any system installation worldwide."
Click here to read the full alert.
More articles on health IT:
Mythbusters: Better care is most cost effective