Skip to main content
close search
site logo
Dive Brief

DHS warns of WannaCry-like vulnerability in Spacelabs Healthcare systems

Published Feb. 19, 2020
By
Contributor

Dive Brief:

  • The Department of Homeland Security has warned the exploitation of a Microsoft Windows cybersecurity vulnerability could lead to a fast-spreading malware attack reminiscent of WannaCry.

  • In a statement posted Tuesday, DHS revealed telemetry devices sold by Spacelabs Healthcare suffer from the weakness, scoring 9.8 out of 10 on a security vulnerability scale. 

  • While Spacelabs is the first medtech to be the subject of an alert related to the vulnerability, a separate report estimates 45% of Windows-based connected medical devices are exposed.

Dive Insight:

In 2017, the WannaCry ransomware attack disrupted work at one third of English hospitals, revealing the vulnerability of healthcare networks running outdated systems. Last year, Microsoft warned it had found a new vulnerability, dubbed BlueKeep, that could enable malware to spread around the world like WannaCry did in 2017. 

Microsoft patched the flaw but two weeks later communicated third-party research that estimated more than 1 million internet-connected computers were still vulnerable. As Microsoft said, there may have been additional vulnerable systems within corporate networks.

Due to the cost and difficulty of keeping medical devices running embedded versions of Microsoft Windows up to date, healthcare is particularly vulnerable to cyber attacks that exploit vulnerabilities in outdated operating systems. 

Now, DHS has shared details of devices that have the BlueKeep vulnerability. The DHS’ alert covers Spacelabs’ Xhibit Telemetry Receiver and Arkon anesthesia delivery system. Spacelabs has created a software update for all deployed Xhibit devices to eliminate the vulnerability.

However, Arkon is no longer supported by Spacelabs. The DHS alert states that “many Spacelabs products are appliances and users are not intended to perform updates on them,” adding that there are products and systems that are obsolete or cannot be patched. Such products and systems cannot receive the software update that grants protection from BlueKeep.

The DHS notice advises users of technologies that cannot receive the update to block a port on their enterprise firewall. DHS thinks blocking the port will stop attackers from outside of the enterprise’s network from exploiting the vulnerability. However, hackers inside the network will still be able to mount attacks and legitimate users will lose the ability to perform certain actions.

DHS published the advisory on the same day as healthcare cybersecurity firm CyberMDX released a report that claimed 45% of connected medical devices in hospitals are vulnerable to BlueKeep.

Editors' picks

Company Announcements

View all | Post a press release
Lunit Shows Promise of AI in Predicting Immunotherapy Response for Rare Cancer Patients at SIT…
From Lunit
November 10, 2024
New Published Study Shows MedLite ID as Faster and Simpler Solution to Primary Medication Infu…
From Orion Innovations
November 20, 2024
Osteal Therapeutics Announces Positive 12-Month Results from the APEX Clinical Trial Program a…
From Osteal Therapeutics
November 14, 2024
Arsenal Medical Launches EMBO-02 Study for NeoCast™ to Assess Treatment of Chronic Subdural He…
From Arsenal Medical
November 14, 2024
Editors' picks
Latest in Medical Devices
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell