Law Firm IT
The view from the server room.
Sunday, May 03, 2009
FDA Rule on Appying Windows Patches on Medical Devices Could Put Human Life at Risk
One of the scariest uses of Windows OS is that it is installed on medical devices. As a result, every piece of malware coming down the pike can infect this medical devices, putting human life at risk. SANS announced last week that it had discovered Conficker worm infections on medical devices, including MRI machines.
A few weeks ago, we discovered medical devices, MRI machines, infected with Conficker," said Marcus Sachs, director of the Internet Storm Center, an early warning system for Internet threats that is operated by the SANS Institute.
Around March 24, researchers monitoring the worm noticed that an imaging machine used to review high-resolution images was reaching out over the Internet to get instructions ? presumably from the programmers who created Conficker.
The researchers dug deeper and discovered that more than 300 similar devices at hospitals around the world had been compromised. The manufacturer of the devices told them none of the machines were supposed to be connected to the Internet ? and yet they were. And because the machines were running an unpatched version of Microsoft's operating system used in embedded devices they were vulnerable.
Normally, the solution would be simply to install a patch, which Microsoft released in October. But the device manufacturer said rules from the U.S. Food and Drug Administration required that a 90-day notice be given before the machines could be patched.
The view from the server room.
Sunday, May 03, 2009
FDA Rule on Appying Windows Patches on Medical Devices Could Put Human Life at Risk
One of the scariest uses of Windows OS is that it is installed on medical devices. As a result, every piece of malware coming down the pike can infect this medical devices, putting human life at risk. SANS announced last week that it had discovered Conficker worm infections on medical devices, including MRI machines.
A few weeks ago, we discovered medical devices, MRI machines, infected with Conficker," said Marcus Sachs, director of the Internet Storm Center, an early warning system for Internet threats that is operated by the SANS Institute.
Around March 24, researchers monitoring the worm noticed that an imaging machine used to review high-resolution images was reaching out over the Internet to get instructions ? presumably from the programmers who created Conficker.
The researchers dug deeper and discovered that more than 300 similar devices at hospitals around the world had been compromised. The manufacturer of the devices told them none of the machines were supposed to be connected to the Internet ? and yet they were. And because the machines were running an unpatched version of Microsoft's operating system used in embedded devices they were vulnerable.
Normally, the solution would be simply to install a patch, which Microsoft released in October. But the device manufacturer said rules from the U.S. Food and Drug Administration required that a 90-day notice be given before the machines could be patched.