Homeland Security, Siemens issue advisory for 4 diagnostic imaging systems

Nicholas Leider | | Health Imaging | Medical Imaging

The Department of Homeland Security (DHS) and Siemens Healthineers issued an advisory that four of the company’s diagnostic imaging systems may be vulnerable to cyberattacks.

The August 3 release mentions all Windows 7-based versions of Siemens PET/CT systems, SPECT/CT Systems, SPECT systems and SPECT Workplaces/Symbia.net.

“Successful exploitation of these vulnerabilities may allow the attacker to remotely execute arbitrary code,” according to the advisory on DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) website. “Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage.”

Siemens mentions four possible methods of remotely hacking the systems:

Improper Control of Code Generation (1): An unauthenticated remote attacker could execute arbitrary code by sending specially crafted HTTP requests to the Microsoft web server (Port 80/TCP and Port 443/TCP) of affected devices.

Improper Control of Code Generation (2): An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service on Port 3465/TCP of affected devices.

Improper Restriction of Operations within the Bounds of a Memory Buffer: An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service of affected devices.

Permissions, Privileges and Access Controls: An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service of affected devices.

Siemens is preparing updates for the vulnerable systems. The company suggests users run devices in a dedicated network segment and protected IT environment. If that is not possible, products should be disconnected from networks and reconnected only after the provided patch has been installed.

""
Nicholas Leider, Managing Editor

Nicholas joined TriMed in 2016 as the managing editor of the Chicago office. After receiving his master’s from Roosevelt University, he worked in various writing/editing roles for magazines ranging in topic from billiards to metallurgy. Currently on Chicago’s north side, Nicholas keeps busy by running, reading and talking to his two cats.

Related Content

FDA says CT scans sometimes damage implantable cardiac electronic devices
Bilingual people have more efficient brains, imaging study shows
Use of AI opportunistic screening in CT for cardiovascular disease
ChatGPT is overly worried about ED patients
Low doses of radiation still increase risk of leukemia, lymphoma and myeloma
ACR offers resources to achieve radiology AI best practices

Around the web

Cardiovascular Business
Global shortage of nuclear imaging isotopes may be over

The nuclear imaging isotope shortage of molybdenum-99 may be over now that the sidelined reactor is restarting. ASNC's president says PET and new SPECT technologies helped cardiac imaging labs better weather the storm.

Cardiovascular Business
‘A huge win’: CMS significantly increases Medicare payments for cardiac CT

CMS has more than doubled the CCTA payment rate from $175 to $357.13. The move, expected to have a significant impact on the utilization of cardiac CT, received immediate praise from imaging specialists.

Cardiovascular Business
FDA clears AI tool that flags signs of heart disease in chest CT scans

The newly cleared offering, AutoChamber, was designed with opportunistic screening in mind. It can evaluate many different kinds of CT images, including those originally gathered to screen patients for lung cancer. 

Design by Adaptive Theme
Trimed Popup
Trimed Popup