Guarding Vital Information

Systematically eliminating new vulnerabilities

BACKGROUND

By design, our systems run on the Windows operating system. NeuroLogica currently supports and approves only Windows 10 operating system (OS) releases. Since the introduction of the Windows 11 update, any workstation with a connection to the internet may display prompts from Microsoft to upgrade to Windows 11. Upgrading to Windows 11 may cause the software application on the CT systems to have operational issues, e.g., slow performance and additional Microsoft-related pop-up windows.

VENDOR STATEMENT

NeuroLogica continues to monitor cybersecurity vulnerabilities for the current Windows 10 OS to ensure our products are protected against cyberthreats. If encountered, please disregard and cancel any updates to Windows 11. In cases where the upgrade has been done and the performance of the system degrades or becomes in any way unstable, NeuroLogica will require the laptop to be replaced at the site’s expense.

Please contact Samsung NeuroLogica Customer Service at 1-888-564-8561 (United States and Canada) or +1 978-564-8561 (International) with any questions.

BACKGROUND

CISA Statement: Widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1. Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system.

VENDOR STATEMENT

Samsung is aware of reports of this cybersecurity vulnerability in Apache Log4j, a logging tool used in many Java-based applications, disclosed on December 9, 2021. We have analyzed the vulnerability against our Computed Tomography products.

Samsung has found that none of our products are affected by the Apache Log4j vulnerability. This notice is meant to provide proactive communication to our customers and clients. Samsung NeuroLogica pledges to make every effort to comply with the safety, security, integrity, and national regulations applicable to its products. Any recommended updates or patches will follow our vulnerability patch process and will be communicated via our field engineers.

BACKGROUND

On October 1st, 2019, the U.S. Food and Drug Administration (FDA) issued an alert informing patients, health care providers, and medical device manufacturers about a set of cybersecurity vulnerabilities known as Urgent 11 that may introduce risks for certain medical devices and hospital networks. These vulnerabilities may allow a remote attacker to access medical devices, perform denial of service attacks, leak sensitive information, and disrupt the medical device’s day-to-day functions. The Urgent 11 vulnerabilities affect the following operating systems:

  • VxWorks (by Wind River)
  • Operating System Embedded (OSE) (by ENEA)
  • INTEGRITY (by Green Hills)
  • ThreadX (by Microsoft)
  • ITRON (by TRON Forum)
  • ZebOS (by IP Infusion)

The Computed Tomography imaging modalities commercialized by Samsung NeuroLogica do not use any of the affected operating systems. Therefore, the medical imaging devices sold by Samsung NeuroLogica are not exposed to the Urgent 11 vulnerabilities. Samsung NeuroLogica pledges to make every effort to comply with the safety, security, integrity and national regulations applicable to its products. For assistance or questions regarding the Urgent 11 vulnerabilities as they pertain to your Samsung NeuroLogica products, please contact your local service representative.

BACKGROUND

Samsung is aware of the Remote Desktop vulnerability known as BlueKeep, affecting several Windows 7 and Windows XP devices. The BlueKeep vulnerability exists within the Remote Desktop Protocol (RDP) implementation of the following Microsoft Windows versions: Windows 2000, Windows Vista, Windows XP, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system. According to Microsoft, an attacker can send specially crafted packets to one of these operating systems that has RDP enabled. After successfully sending the packets, the attacker would have the ability to perform a number of actions: adding accounts with full user rights; viewing, changing, or deleting data; or installing programs. This exploit requires no user interaction and takes place before authentication. BlueKeep is considered “wormable” because malware exploiting this vulnerability on one system could propagate to other vulnerable systems; a BlueKeep exploit would therefore be capable of spreading rapidly, in a fashion similar to the WannaCry malware attacks of 2017. Responses for our product portfolio:

COMPUTED TOMOGRAPHY

For the CT devices, Samsung is taking all preventative measures to address the BlueKeep vulnerability, which affects two of the three modalities (NL3000 and NL4000). The vulnerability will be mitigated through the installation of the latest Microsoft security patch. A customer service bulletin has been generated for this purpose, providing an overview of the vulnerability along with installation instructions. Our service team is closely monitoring the situation and will continue to work with our customer base to address this RDP issue and take appropriate actions to mitigate it for all Samsung imaging products. Samsung pledges to make every effort to comply with the safety, security, integrity and national regulations applicable to its products. It is recommended to update all affected systems with the latest patches provided by Microsoft: Windows 7 (KB4499164) and Windows XP (KB4500331).

BACKGROUND

Samsung is aware of the ransomware campaign known as WannaCry, which has attacked a large number of organizations worldwide, including healthcare providers. The malware encrypts (locks) computers and demands a payment to unlock the infected system. According to Microsoft, ransomware attacks have been observed to use common email phishing tactics with malicious attachments to infect devices. Once launched, the malware can spread further to adjacent systems on a network by exploiting a Windows vulnerability in SMBv1. Further information on this Windows vulnerability can be found on the Microsoft website under "Microsoft (MS) Customer Guidance for WannaCry Attacks". The vulnerability exploited by this ransomware was identified and a patch was released by Microsoft on March 14, 2017 (MS17-010) for Microsoft-supported versions of Windows.

SAMSUNG RESPONSE

Samsung is taking all available precautions, including preventative measures such as installation of the latest Microsoft security patches for all three imaging modalities – computed tomography, digital x-ray and ultrasound. Separate technical service bulletins were generated for this purpose. Certain Samsung product configurations do not use the vulnerable network ports (137, 138, 139, 445) and, as such, are not exposed to this Windows vulnerability, provided the product is used in compliance with the proper indications and instructions for use.
Our service team is closely monitoring the situation and will continue to work with our customer base to address this malware event and take appropriate actions to mitigate for all Samsung imaging products. Samsung is committed to ensuring robust product security resources and support for our healthcare customers, and their patients who rely on them. We continue to engage with the medical device industry, security research community, and government agencies to monitor the situation, respond accordingly, and meet ongoing healthcare cybersecurity challenges.
For assistance or questions with malware as it pertains to your Samsung product, please contact your local service representative. If you become aware of a vulnerability or other security concern involving a Samsung product, please notify us immediately. We take these threats seriously, and we appreciate your prompt attention to these matters.
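To confirm on a Windows workstation that the mitigations named in the BlueKeep and WannaCry sections are in place, the following PowerShell check is added here as an example; it is not NeuroLogica's or Microsoft's tooling. It assumes an elevated session on the system being reviewed and the standard registry locations for Remote Desktop and the SMB server; the MS17-010 KB number differs per Windows version and is left for the operator to supply.

```powershell
# Added verification script (not vendor tooling). Run elevated on the
# workstation under review. Reports patch and configuration state relevant
# to the BlueKeep (RDP) and WannaCry (SMBv1) advisories.
param(
    # KB IDs named in the BlueKeep advisory. Add the MS17-010 KB that applies
    # to this Windows version (it varies by OS; see Microsoft's guidance).
    [string[]]$RequiredKbs = @('KB4499164', 'KB4500331')
)

# 1. Installed hotfixes vs. the required list.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
foreach ($kb in $RequiredKbs) {
    $state = if ($installed -contains $kb) { 'installed' } else { 'MISSING' }
    '{0,-12} {1}' -f $kb, $state
}

# 2. Remote Desktop exposure. fDenyTSConnections = 1 means RDP is disabled.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)
# Network Level Authentication (UserAuthentication = 1) requires credentials
# before a session is created, narrowing the pre-authentication surface
# that BlueKeep relies on. It is a mitigation, not a substitute for the patch.
$rdpTcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nlaRequired = ($rdpTcp.UserAuthentication -eq 1)
"RDP enabled: $rdpEnabled   NLA required: $nlaRequired"

# 3. SMBv1 server. An explicit LanmanServer\Parameters\SMB1 = 0 disables it;
# if the value is absent, SMBv1 is enabled on Windows 7 (its default).
$lm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$smb1Disabled = ($null -ne $lm.SMB1 -and $lm.SMB1 -eq 0)
"SMBv1 server disabled: $smb1Disabled"

# 4. Sockets on the NetBIOS/SMB ports the WannaCry advisory lists
# (137/138 are UDP, 139/445 TCP). netstat is available on XP through 11.
$listeners = netstat -an | Select-String -Pattern ':(137|138|139|445)\s'
if ($listeners) { 'Sockets on 137-139/445:'; $listeners } else { 'No sockets on 137-139/445' }
```

On Windows XP the check needs PowerShell 2.0 installed; a product whose configuration does not use ports 137-139/445 should show no sockets in step 4.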

ADDITIONAL INFORMATION

The United States Computer Emergency Readiness Team has issued an alert with more information on this issue and potential mitigations.