Department of Homeland Security, Vendor Issue Warnings About Cyber Flaws
The Department of Homeland Security has issued an alert warning about cyber vulnerabilities in certain Siemens medical imaging products running Windows 7 that could allow hackers to “remotely execute arbitrary code.” How serious are the risks?
While the company is downplaying the risk to patients, some security experts say the vulnerabilities could pave the way for malicious attacks, including ransomware attacks, if they are not patched.
The alert from DHS’ Industrial Control Systems Cyber Emergency Response Team says Munich, Germany-based Siemens identified four vulnerabilities in the medical imaging products and is preparing patches.
“These vulnerabilities could be exploited remotely,” DHS notes. “Exploits that target these vulnerabilities are known to be publicly available. Successful exploitation of these vulnerabilities may allow the attacker to remotely execute arbitrary code. Impact to individual organizations depends on many factors that are unique to each organization.”
ICS-CERT recommends that healthcare organizations using the devices evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage.