DHS Issues Cybersecurity Alert Over Siemens' Medical Scanner Software


According to the US Department of Homeland Security, a “low skill” attacker would be able to exploit the vulnerabilities of these products.

German tech giant Siemens (OTCMKTS:SIEGY; FRA:SIE) is on the hook to update some of its medical imaging scanners that could potentially be vulnerable to cybersecurity attacks.
On Friday (August 3), the US Department of Homeland Security released a statement advising that the company has found four vulnerabilities in its Molecular Imaging products that run on older Windows software, such as Windows 7.
“These vulnerabilities could be exploited remotely,” the announcement reads. “Exploits that target these vulnerabilities are known to be publicly available.”

According to the agency, the products most vulnerable to exploitation, across all Windows 7-based versions, include:
  • Siemens PET/CT Systems;
  • Siemens SPECT/CT Systems;
  • Siemens SPECT Systems; and
  • Siemens SPECT Workplaces/Symbia.net

Siemens’ positron emission tomography (PET) scanners are used to disclose how tissues and organs operate by using a radioactive drug to trace activity, and can detect cancer, heart disease and brain disorders. In short, the scanners provide physicians with critical information required to make clinical decisions.
“Successful exploitation of these vulnerabilities may allow the attacker to remotely execute arbitrary code,” the agency’s statement read.
In a press release issued by Siemens, the company stated that Siemens Healthineers is “preparing updates for the affected products and recommends protecting network access to the Molecular Imaging products with appropriate mechanisms.”
“It is advised to run the devices in a dedicated network segment and protected IT environment,” the release continued.
Should the above solutions not work, Siemens issued a number of recommendations, including disconnecting the product from the network and using it in “standalone” mode, if patient treatment and safety isn’t at risk. Additional recommendations made by Siemens include ensuring proper backup and system restorations are in place.
All that being said, Reuters reported on Monday (August 7) that, upon further review, the company felt disconnecting the scanners was no longer necessary.
“Based on the existing controls of the devices and use conditions, we believe the vulnerabilities do not result in any elevated patient risk,” the company said. “To date, there have been no reports of exploitation of the identified vulnerabilities on any system installation worldwide.”
Graham Cluley, a computer security analyst in the UK, said in the article that the vulnerabilities are “pretty serious.”
“It does seem that these vulnerabilities can be exploited remotely and rather trivially,” he told Reuters.
Siemens has until the end of August to manage and update the software in order to prevent the equipment from being hacked.
Following the DHS’ statement on Monday, shares of Siemens on the OTCMKTS have dropped 0.32 percent to $65.42.
Securities Disclosure: I, Jocelyn Aspa, hold no direct investment interest in any company mentioned in this article.
