Siemens, Homeland Security issue advisory for diagnostic imaging systems
On August 3, the Department of Homeland Security (DHS) and Siemens Healthineers issued an advisory that four of the company’s diagnostic imaging systems may be vulnerable to cyberattacks.
The release specifically mentions all Windows 7-based versions of Siemens PET/CT systems, SPECT/CT Systems, SPECT systems and SPECT Workplaces/Symbia.net.
“Successful exploitation of these vulnerabilities may allow the attacker to remotely execute arbitrary code,” according to the advisory on DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) website. “Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage.”
Siemens mentions four possible methods of remotely hacking the systems:
Improper Control of Code Generation (1): An unauthenticated remote attacker could execute arbitrary code by sending specially crafted HTTP requests to the Microsoft web server (Port 80/TCP and Port 443/TCP) of affected devices.
Improper Control of Code Generation (2): An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service on Port 3465/TCP of affected devices.
Improper Restriction of Operations within the Bounds of a Memory Buffer: An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service of affected devices.
Permissions, Privileges and Access Controls: An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service of affected devices.
Siemens is preparing updates for the vulnerable systems. The company suggests users run devices in a dedicated network segment and protected IT environment. If that is not possible, products should be disconnected from networks and reconnected only after the provided patch has been installed.
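To check that the recommended segmentation actually holds, the following added example (not code from Siemens or DHS) scans flow records for allowed connections that reach the imaging segment from outside it on the ports the advisory names. The segment address, the log format and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Ports named in the advisory as remotely reachable on affected devices.
ADVISORY_PORTS = {
    80: "Microsoft web server",
    443: "Microsoft web server",
    3465: "HP Client automation service",
}

# Assumption: the dedicated imaging segment uses this (constructed) prefix.
IMAGING_SEGMENT = ipaddress.ip_network("10.20.30.0/24")

# Constructed sample records in an assumed format: src dst dst_port action
SAMPLE_FLOWS = """\
10.20.30.15 10.20.30.40 443 ALLOW
10.50.1.22 10.20.30.40 3465 ALLOW
10.50.1.22 10.20.30.40 3465 DENY
192.0.2.77 10.20.30.41 80 ALLOW
10.50.1.22 10.20.30.40 104 ALLOW
10.20.30.40 10.50.1.9 443 ALLOW
not a flow record
"""

def parse_flow(line):
    """Return (src, dst, port, action), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        src = ipaddress.ip_address(parts[0])
        dst = ipaddress.ip_address(parts[1])
        port = int(parts[2])
    except ValueError:
        return None
    return src, dst, port, parts[3].upper()

def find_exposures(flow_text, segment=IMAGING_SEGMENT):
    """List allowed flows that cross into the segment on an advisory port."""
    findings = []
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow[3] != "ALLOW":
            continue  # skip malformed records and traffic already blocked
        src, dst, port, _ = flow
        if dst in segment and src not in segment and port in ADVISORY_PORTS:
            findings.append((str(src), str(dst), port, ADVISORY_PORTS[port]))
    return findings
```

Any finding means the segment boundary permits traffic that the advisory's mitigation expects to be blocked until the patch is installed.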