Publication Date: October 16, 2019
On October 1st, 2019 The U.S. Food and Drug Administration (FDA) issued an alert informing patients, health care providers, and medical device manufacturers about several cybersecurity vulnerabilities known as Urgent 11 that may introduce risks for certain medical devices and hospital networks. These vulnerabilities may allow anyone to remotely access medical devices and perform denial of service attacks, leak sensitive information, as well as disrupt the medical devices day to day functions. The Urgent 11 vulnerabilities affect the following operating Systems:
• VxWorks (by Wind River)
• Operating System Embedded (OSE) (by ENEA)
• INTEGRITY (by Green Hills)
• ThreadX (by Microsoft)
• ITRON (by TRON Forum)
• ZebOS (by IP Infusion)
The Digital Radiography, Ultrasound and Computed Tomography Imaging Modalities commercialized by Samsung Neurologica do not utilize any of the affected operating systems. Therefore, the medical imaging devices sold by Samsung Neurologica are secured against the Urgent 11 vulnerability. Samsung Neurologica pledges to make every effort to comply with the safety, security, integrity and national regulations of its products. For assistance or questions regarding the Urgent 11 vulnerabilities as it pertains to your Samsung Neurologica products, please contact your local service representative.
Publication Date: October 7, 2019
Samsung is aware of the current Remote Desktop vulnerability known as Bluekeep, affecting several Windows 7 and Windows XP devices. The BlueKeep vulnerability exists within the Remote Desktop Protocol (RDP) used by the following Microsoft Windows OSs Windows 2000, Windows Vista, Windows XP, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system. According to Microsoft, an attacker can send specially crafted packets to one of these operating systems that has RDP enabled. After successfully sending the packets, the attacker would have the ability to perform a number of actions: adding accounts with full user rights; viewing, changing, or deleting data; or installing programs. This exploit, which requires no user interaction, must occur before authentication to be successful. BlueKeep is considered “wormable” because malware exploiting this vulnerability on a system could propagate to other vulnerable systems; thus, a BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of 2017. Responses for our product portfolio:
DIGITAL RADIOGRAPHY AND ULTRASOUND IMAGING MODALITIES
In regards to the DR and Ultrasound devices, although the Bluekeep vulnerability affects Windows 7 and XP systems, the RDP service is disabled on all Samsung DR and ultrasound systems and those are secured against this vulnerability. In addition, most of Samsung DR and ultrasound systems will be upgraded to Windows 10 and detailed schedule is available through existing communication contacts.
As for the CT devices Samsung is taking all preventative measures in order to address the Bluekeep vulnerability affecting two of the three modalities (NL3000 and NL4000). The vulnerability will be mitigated through the installation of the latest Microsoft Security patch. A customer service bulletin has been generated for this purpose providing an overview of the vulnerability along with installation instructions. Our service team is closely monitoring the situation and will continue to work with our customer base to address this RDP issue and take appropriate actions to mitigate for all Samsung imaging products. Samsung pledges to make every effort to comply with the safety, security, integrity and national regulations of its products. It is recommended to update all affected systems with the latest patches provided by Microsoft (Windows 7 (KB4499164)) and Windows XP (KB4500331).
Publication Date: May 24, 2017
Samsung is aware of the current ransomware campaign known as WannaCry which has attacked a large number of organizations worldwide, including healthcare providers. The malware encrypts (locks) computers and demands a payment to unlock the infected system. According to Microsoft, ransomware attacks have been observed to use common email phishing tactics with malicious attachments to infect devices. Once launched, the malware can further spread to adjacent systems on a network by exploiting a Windows vulnerability (in SMBv1). Further information on this Windows vulnerability can be found on the Microsoft website at: Microsoft (MS) Customer Guidance for WannaCry Attacks. The vulnerability to this ransomware was identified and a patch was released by Microsoft on March 14, 2017 (MS17-010) for Microsoft supported versions of Windows.
Samsung is taking all available precautions including preventative measures such as installation of the latest Microsoft Security Patches for all three imaging modalities – computed tomography, digital x-ray and ultrasound. Separate technical service bulletins were generated for this purpose. Certain Samsung product configurations do not use the vulnerable network ports (137, 138, 139, 445) and as such are not exposed to this Windows vulnerability provided the product is used in compliance with the proper indications and instructions for use.
Our service team is closely monitoring the situation and will continue to work with our customer base to address this malware event and take appropriate actions to mitigate for all Samsung imaging products. Samsung is committed to ensuring robust product security resources and support for our healthcare customers, and their patients who rely on them. We continue to engage with the medical device industry, security research community, and government agencies to monitor the situation, respond accordingly, and meet ongoing healthcare cybersecurity challenges.
For assistance or questions with malware as it pertains to your Samsung product, please contact your local service representative. If you become aware of a vulnerability or other security concern involving a Samsung product, please notify us immediately. We take these threats seriously, and we appreciate your prompt attention to these matters.
The United States Computer Emergency Readiness Team has issued an alert with more information on this issue and potential mitigations.