Health Care, Conficker Style

This is certainly a disturbing development.

Conficker worm hits hospital devices

A computer worm that has alarmed security experts around the world has crawled into hundreds of medical devices at dozens of hospitals in the United States and other countries, according to technologists monitoring the threat.

The worm, known as “Conficker,” has not harmed any patients, they say, but it poses a potential threat to hospital operations.

“A few weeks ago, we discovered medical devices, MRI machines, infected with Conficker,” said Marcus Sachs, director of the Internet Storm Center, an early warning system for Internet threats that is operated by the SANS Institute.

Around March 24, researchers monitoring the worm noticed that an imaging machine used to review high-resolution images was reaching out over the Internet to get instructions — presumably from the programmers who created Conficker.

The researchers dug deeper and discovered that more than 300 similar devices at hospitals around the world had been compromised. The manufacturer of the devices told them none of the machines were supposed to be connected to the Internet — and yet they were. And because the machines were running an unpatched version of Microsoft’s operating system used in embedded devices they were vulnerable.

Normally, the solution would be simply to install a patch, which Microsoft released in October. But the device manufacturer said rules from the U.S. Food and Drug Administration required that a 90-day notice be given before

“For 90 days these infected machines could easily be used in an attack, including, for example, the leaking of patient information,” said Rodney Joffe, a senior vice president at NeuStar, a communications company that belongs to an industry working group created to deal with the worm. “They also could be used in an attack that affects other devices on the same networks.”

Joffe, who is scheduled to testify before Congress on Friday, said he will ask lawmakers to remove the barriers to coordination between federal agencies so that cyberthreats like Conficker can be addressed.

In addition to the medical-imaging machines, Joffe said the working group has seen thousands of other machines located in hospitals reach out to the Conficker mastermind by contacting another computer on the Internet for instructions. Researchers have not determined the function of these machines. They could be a personal computer sitting on a secretary’s desk or more sensitive medical devices linked to patient care.

See also:
Conficker infected critical hospital equipment, expert says
Conficker Worm Hits U.S. Hospitals, Infecting Computers and Equipment
Conficker spotted in critical medical equipment
Hospital devices face threats from Conficker computer worm
Conficker infected critical hospital equipment
The Microsoft Tax: Windows Conficker worm hits hospital devices; Macintosh unaffected
Report: Conficker in attack mode
Conficker adds new weapon: spam
Conficker virus begins to attack PCs
SANS Internet Storm Center
Internet Storm Center
SANS Institute
SANS Institute
NeuStar
NeuStar
W32/Conficker.worm
Conficker
Protect yourself from the Conficker computer worm
Conficker Worm: Help Protect Windows from Conficker

Like with the swine flu, if everyone would just take basic, common sense precautions, they won’t have any problems with Conficker and won’t play a part in helping spread it to others.

/do your part, keep your Windows PCs up to date with the most current Microsoft patches and always run currently updated anti-virus and firewall software

Advertisements