News

These medical devices could be easily encrypted with WannaCry ransomware

Since its irruption on scene in 2017, the WannaCry ransomware has become one of the main cybersecurity threats, especially for health service organizations, demonstrating the obsolescence of multiple Windows-based operating systems used in these environments. Last year, the tech giant’s security team reported a critical vulnerability, known as BlueKeep, which could be exploited to allow the quick spreading of malware, just as it did with WannaCry.

While the vulnerability was corrected, it is
estimated that around one million medical devices with Microsoft
operating system connected to the Internet are still exposed to exploiting the
flaw nowadays.

Cybersecurity specialists mention that networks
of health organizations and hospitals are especially vulnerable to these
attacks due to the high costs and the difficulty of regularly updating these
systems, in addition to the aging of operating systems used in the medical
industry.

In a cybersecurity alert, the US
Department of Homeland Security (DHS)
listed several details about
devices that remain vulnerable to BlueKeep exploitation, including some telemetry
and anesthesia delivery devices produced by the firm Spacelabs. Although the
manufacturer released updates for some of the affected developments, many of
its products are simple pieces of hardware that cannot receive updates, so they
will remain exposed to BlueKeep exploitation.

DHS’s primary recommendation to potentially
affected organizations is to block certain ports on their firewall to prevent
potential attacks by threat actors from outside the enterprise network.
However, this security measure does not prevent the exploitation of the flaw by
hackers inside the compromised network, so additional measures are required.
Its implementation depends on the characteristics of each single network, so
this work is up to system administrators or IT teams.  

A couple of weeks ago, the International Institute of Cyber
Security (IICS)
stated the presence of various vulnerabilities in
nearly 50% of all medical devices, so it is not the responsibility of a few
manufacturers, but should be considered as a problem for the industry in
general.

You Might Also Like