Cyber Monday Deal: Up to 60% off InvestingProCLAIM SALE

Siemens to update medical scanner software to deal with security bugs

Published 08/07/2017, 11:56 AM
Updated 08/07/2017, 12:00 PM
© Reuters. FILE PHOTO - Siemens logo is pictured at Siemens Healthineers headquarters in Erlangen
MSFT
-
SIEGn
-
ABT
-

By Georgina Prodhan

FRANKFURT (Reuters) - German industrial group Siemens (DE:SIEGn) expects to update software in some of its medical scanners by the end of the month to deal with vulnerabilities that could, in theory, allow some of this equipment to be hacked, a company spokesman said on Monday.

Last week, the U.S. Department of Homeland Security issued a security notice warning that "an attacker with a low skill would be able to exploit these vulnerabilities" using known weaknesses that exist in older Windows software. (https://goo.gl/9NG1ya)

The Siemens spokesman said no evidence of any attack had been found.

Siemens' action provides more evidence of a growing focus on preventing cyber attacks on medical equipment, which for years ranked low on the list of potential hacking targets.

The vulnerabilities identified by Siemens were in its PET (positron emission tomography) scanners that run on Microsoft Windows 7 (O:MSFT), which could be exploited remotely.

PET scanners help to reveal how tissues and organs are functioning by using a radioactive drug to trace activity. They can reveal or assess cancer, heart disease and brain disorders.

Initially, the Munich-based company advised hospital and other medical customers to disconnect the scanners until a update was released.

But the company spokesman said on Monday that after further review, it no longer believed disconnecting the scanners was necessary.

Siemens has assigned a security severity rating of 9.8 out of 10, using the open industry standard CVSS (Common Vulnerability Scoring System) risk assessment system, according to the U.S. security notice.

"Based on the existing controls of the devices and use conditions, we believe the vulnerabilities do not result in any elevated patient risk," Siemens said. "To date, there have been no reports of exploitation of the identified vulnerabilities on any system installation worldwide."

Large imaging machines such as PET scanners are typically not directly connected to the Internet but are connected to clinical IT systems, which can be infected, for example, by an email attachment sent to a different part of the system.

"It's pretty serious," UK-based independent computer security analyst Graham Cluley said. "It does seem that these vulnerabilities can be exploited remotely and rather trivially."

He said hospitals in general were badly protected against hacking, partly because of underfunding and partly because some older medical machines are not compatible with the latest versions of software operating systems.

The global WannaCry cyber attack in May highlighted the vulnerability of medical systems when it caused major disruption to X-ray machines and other computer equipment in Britain's National Health Service, forcing hospitals to turn away patients.

Earlier this year, Abbott Laboratories (N:ABT) moved to protect patients with its St. Jude heart implants against possible cyber attacks, releasing a software patch that the firm said would reduce the "extremely low" chance of them being hacked.

Siemens plans a public listing for its healthcare unit, Healthineers, next year. The IPO is expected to value the business at up to 40 billion euros ($47 billion).

© Reuters. FILE PHOTO - Siemens logo is pictured at Siemens Healthineers headquarters in Erlangen

($1 = 0.8482 euros)

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.