MD-ISAO Emergency Response Coordination

NOTE: Information will be actively collected across key stakeholders globally throughout emergency response and will be reviewed, evaluated, and pertinent information posted as soon as it has been vetted.

MD-ISAO is engaged with networks of hospitals and manufacturers in active surveillance for the WannaCry outbreak.

If you are a manufacturer, health care organization or other organization that could facilitate the collection of data for WannaCry surveillance, please contact MD-VIPER.

Medical Device Cybersecurity Communications and Updates

Protecting the health and safety of patients by preventing ransomware attacks on medical devices is an MD-ISAC priority. This is accomplished by ensuring that patient safety and health are addressed systemically during all phases of a cybersecurity attack.

Engaged stakeholders include, but are not limited to, medical device manufacturers, healthcare delivery organizations, and our Federal partners responsible for medical device emergency response activities. When responding to emergency situations, they can navigate the proper channels to provide assistance to those healthcare delivery organizations and medical device stakeholders in need.

These communication and update activities are a part of the MD-ISAO functions and are closely coordinated with and/or leverage content from general NH-ISAC activities, ICS-CERT, FDA, US-CERT, HHS, and many private sector partners.

Medical Device Manufacturers

Manufacturer | Link to WannaCry Outbreak Statement & Recommendations | Comments/Notes
Abbott | Link will be provided when statement is available. |
Accuray | http://www.accuray.com/service/service-support |
Baxter | Link will be provided when statement is available. |
BD | http://www.bd.com/aboutbd/productsecurity/wannacry-ransomware.aspx | Updated product information
Boston Scientific | Link will be provided when statement is available. |
GE Healthcare | https://digitalsupport.ge.com/communities/en_US/Article/GE-Security-Bulletin-Regarding-WannaCry |
Johnson & Johnson | Link will be provided when statement is available. |
Medtronic | Link will be provided when statement is available. |
Philips Healthcare | http://www.usa.philips.com/healthcare/about/customer-support/product-security | Updated product information
Siemens | https://www.siemens.com/cert/pool/cert/siemens_security_bulletin_ssb-412479.pdf |
Siemens | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701903.pdf |
Siemens | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-286693.pdf |
Smiths-Medical | https://www.smiths-medical.com/company-information/news-and-events/news/2017/may/17/wannacry-malware-infection-and-outbreak-statement |
Stryker | Link will be provided when statement is available. |

If you’d like to be added to the list or provide updates on the WannaCry outbreak, please email MD-VIPER.

Manufacturer-provided advisories and recommendations regarding WannaCry Impact and remediation:

Accuray:
Service Bulletin for “WannaCry” Ransomware
On Friday, May 12, 2017, the malware WannaCry (also referred to as WCRY) was launched and quickly spread to computers across the Internet. Accuray has not identified any increased safety risks from the malware at this time. Accuray is continuing to monitor information related to this malware as it develops to understand the potential impact to safety and security risks for Accuray systems. At the time of this letter, no Accuray systems have been reported to be infected by this malware. This situation is developing, and Accuray will issue additional communications as new information becomes available. Download our full letter with more information.

BD:
Thank you for contacting the BD Corporate Product Security Office. We are currently evaluating and validating appropriate measures for products regarding the WannaCry ransomware. We have posted a bulletin on our Product Security website, which can be found at http://www.bd.com/aboutbd/productsecurity/wannacry-ransomware.aspx

If we have additional recommendations or actions, we will update this page and notify our customers as appropriate. If you believe a BD product has been affected, please email us at product.security@bd.com and contact your BD service representative immediately.

Siemens:
Official advisory on the issues regarding WannaCry: https://www.siemens.com/cert/en/cert-security-advisories.htm

Smiths Medical:
May 17, 2017
You will have seen over the weekend the extensive cyberattack known as the WannaCry malware infection and outbreak that impacted healthcare organizations, financial institutions and universities globally.

The Smiths Medical Cyber Security Engineering and Operations teams have been monitoring our systems for any signs of the WannaCry malware malicious software infections; no indicators of compromise or malware infections have been thus far discovered. In addition, we are educating our software engineering teams, and are working closely with our information services to ensure all necessary software patches are in place to protect our environment. To our knowledge, no Smiths Medical product has been affected by the WannaCry Malware infection and outbreak.

According to Microsoft this ransomware spreads either by attachments/links in phishing emails or on malicious websites (“system zero infection”) or via an infected system that exploits a vulnerability in a Windows component used in the context of open file shares of other systems reachable on the same network. Certain details may be found on the following Microsoft page:
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

For products that are listening on network ports 139/tcp, 445/tcp or 3389/tcp, their exploitation exposure depends on the security measures within the network. In order to protect a product from exploitation it should be isolated from any infected system within its respective network segment (i.e., product deployed in a network segment separated by firewall control blocking access to network ports 139/tcp, 445/tcp and 3389/tcp).

If the above cannot be implemented we recommend the following:
• If patient safety and treatment is not at risk, disconnect the uninfected product from the network and use in standalone mode
• Reconnect the product only after the provided patch or remediation is installed on the system

In addition, Smiths Medical Cyber Security Engineering recommends:
• Ensure you have appropriate backups and system restoration procedures
• For specific patch and remediation guidance information contact your local Smiths Medical sales or technical representative
• Use of Active Directory (AD)
• Use of Managed Services Accounts within AD
• Network isolation for medical pumps and software applications via:
  ◦ Virtual Local Area Network (VLAN)
  ◦ Network address translation (NAT)
  ◦ Dynamic Host Configuration Protocol (DHCP)
  ◦ Use of Secure Socket Layer (SSL) Certificates issued from a bonafide Certificate Authority (CA) NOT Open SSL within your network when connecting to our software applications
  ◦ Use of 2048 bit encryption as minimum within the SSL certificate environment

The Smiths Medical Cyber Security Engineering team will continue to monitor the situation and provide further updates and/or suggestions if needed.
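
The isolation described in the statement above (no access to 139/tcp, 445/tcp and 3389/tcp from neighbouring systems) can be verified from a workstation in the adjacent segment. The following is an added example, not part of the Smiths Medical statement or MD-ISAO material; the function names and the sample inventory are assumptions.

```python
import socket

# Ports named in the Smiths Medical statement above.
WANNACRY_PORTS = (139, 445, 3389)

def probe(host, port, timeout=1.0):
    """Classify one TCP port as seen from the machine running this script.

    'open'     - handshake completed: the service is reachable (exposed)
    'closed'   - connection refused: nothing listening, or a rejecting firewall
    'filtered' - timeout or unreachable: typically dropped by a firewall
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and "no route to host"
        return "filtered"
    finally:
        s.close()

def audit(hosts, ports=WANNACRY_PORTS, timeout=1.0):
    """Return {host: {port: state}} for every device in the inventory."""
    return {h: {p: probe(h, p, timeout) for p in ports} for h in hosts}

def exposed(report):
    """List the (host, port) pairs that still accept connections."""
    return sorted((h, p) for h, states in report.items()
                  for p, state in states.items() if state == "open")

if __name__ == "__main__":
    # Constructed inventory: replace with the addresses of your own devices.
    inventory = ["127.0.0.1"]
    findings = exposed(audit(inventory))
    for host, port in findings:
        print(f"{host}:{port} reachable - isolate or patch before reconnecting")
    if not findings:
        print("no device reachable on", WANNACRY_PORTS)
```

A result of "closed" still means the device answered from this segment, so only "filtered" on all three ports indicates that the firewall is dropping the traffic.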


Public sector

Organization | Website Link
DHS (Department of Homeland Security) | https://www.dhs.gov/
FDA (Food and Drug Administration) | https://www.fda.gov/
HHS (Department of Health and Human Services) | https://www.hhs.gov/
ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) | https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01C
NH-ISAC (National Health Information Sharing and Analysis Center) | https://nhisac.org/
US-CERT (United States Computer Emergency Readiness Team) | https://www.us-cert.gov/

If you’d like to be added to the list or provide updates on the WannaCry outbreak, please email MD-VIPER.


Stakeholder Organizations

Organization | Website Link
HIMSS (Healthcare Information and Management Systems Society) | http://www.himss.org/xx
CHIME (College of Healthcare Information Management Executives) | https://chimecentral.org/
AAMI (Association for the Advancement of Medical Instrumentation) | http://www.aami.org
ACCE (American College of Clinical Engineering) | http://accenet.org/
CE-IT Community (A Clinical Engineering/IT Collaboration) | http://www.ceitcollaboration.org/
AdvaMed (Advanced Medical Technology Association) | http://www.advamed.org/

If you’d like to be added to the list or provide updates on the WannaCry outbreak, please email MD-VIPER.