Show Menu

Ransomware Attacks:Protect Medical Devices Cheat Sheet by

Ransomware Attacks: How to Protect Your Medical Device Systems
medical     systems     device     protect     ransomware     attacks-


Some medical device systems may be at risk for these types of ransomware attacks, and a threat to patient care may exist. While your facility's IT department is likely tackling the ransomware threats with the currently available Microsoft security patches, some Window­s-based medical device systems will remain suscep­tible to ransomware attacks like WannaCry and Petya because either:

 ­ ­ ­ They are based on an older version of the Windows OS (for example, Windows XP) and can't be upgraded, or
 ­ ­ ­ They have not been validated for clinical use with the latest security patches.

Such systems are often managed separately from regular IT assets to ensure approp­riate clinical functi­onality through adherence to manufa­ctu­rer­-sp­ecific setup and requir­ements.

Do's 1-3

1. Identify networked medical device­s/s­erv­ers­/wo­rks­tations that are operating on a Windows OS. Useful sources for this inform­ation may include:
 ­ ­ ­ a) Medical device inventory (i.e., comput­erized mainte­nance management systems)
 ­ ­ ­ b) Change management systems
 ­ ­ ­ c) Manufa­cturer Disclosure Statement of Medical Device Security (MDS2) forms obtained during device purchase
 ­ ­ ­ d) Medical device manufa­cturers
 ­ ­ ­ e) Alerts from the Industrial Control Systems Cyber Emergency Response Team (ICS-C­ERT)—a list of some medical devices impacted by WannaCry and Petya can be found here: https:­//i­cs-­cer­t.u­s-c­ert.go­v/a­ler­ts/­ICS­-AL­ERT­-17­-13­5-01I

2. Identify whether connected medical device­s/d­evice servers have the relevant Microsoft Windows OS security patches. (All Windows versions without the MS17-010 security patch may be vulnerable to the WannaCry and Petya ransom­ware.)

3. Consider running a vulner­ability scan on your medical device networks to identify affected medical devices.
 ­ ­ ­ a) Vulner­ability scanning can be used to identify devices that may be vulnerable to malware.
 ­ ­ ­ b) This method should only be used if (1) inform­ation is not available through other sources about the existence of a Windows OS and the associated vulner­abi­lities on your medical devices and (2) you already have a list of which devices and systems are compatible with vulner­ability scanning. ECRI Institute is aware of medical device failures that occurred when systems incomp­atible with vulner­ability scanning were scanned.

Do's 4-8

4. If medical device­s/s­ervers are identified that didn't receive the security patch, contact the device vendor to determine the recomm­ended actions for dealing with the current ransomware threat. Request written docume­ntation of those recomm­end­ations from the manufa­cturer.

5. If your device is managed by a third party or indepe­ndent service organi­zation, request prompt instal­lation of approp­riate security patches and docume­ntation to support risk mitiga­tion. Identify terms in the existing service contract covering respon­sib­ilities in regard to security patch updates.

6. Coordinate with the facility's internal IT department to update affected medical devices in accordance with the manufa­ctu­rer's recomm­end­ations as soon as practi­cab­le.
 ­ ­ ­ a) Medical devices require all updates to firmware and software to be validated, which often delays the availa­bility of patches and updates. For any medical device vendors without a validated security patch, demand expedi­tious valida­tion.
 ­ ­ ­ b) Many medical device updates must be installed manually while the unit is removed from use (that is, they can't be distri­buted remotely), and downtime can directly impact patient care.

These factors should be considered when formul­ating an update response.

7. Prioritize response on any connected Window­s-O­S-based medical device systems as follows:
 ­ ­ ­ a) Life-c­ritical devices
 ­ ­ ­ b) Therap­eutic devices
 ­ ­ ­ c) Patient monitoring devices
 ­ ­ ­ d) Alarm notifi­cation systems
 ­ ­ ­ e) Diagnostic imaging systems
 ­ ­ ­ f) Other

8. If a malware infection is identified or suspected in a medical device:
 ­ ­ ­ a) If clinically accept­able, first disconnect the medical device from the network and then work with your internal IT department and the device manufa­cturer to contain the infection and to restore the system.
 ­ ­ ­ b) If any unencr­ypted patient data was involved, inform risk management so that the potential breach can be handled in accordance with HIPAA requir­ements.

Download the Ransomware Attacks:Protect Medical Devices Cheat Sheet

1 Page

PDF (recommended)

Alternative Downloads

Share This Cheat Sheet!



No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          Systems of the Body Cheat Sheet

          More Cheat Sheets by Davidpol

          Big Five Personality Traits Cheat Sheet