These medical devices could be easily encrypted with WannaCry ransomware

Since its irruption on scene in 2017, the WannaCry ransomware has become one of the main cybersecurity threats, especially for health service organizations, demonstrating the obsolescence of multiple Windows-based operating systems used in these environments. Last year, the tech giant’s security team reported a critical vulnerability, known as BlueKeep, which could be exploited to allow the quick spreading of malware, just as it did with WannaCry.

While the vulnerability was corrected, it is estimated that around one million medical devices with Microsoft operating system connected to the Internet are still exposed to exploiting the flaw nowadays.

Cybersecurity specialists mention that networks of health organizations and hospitals are especially vulnerable to these attacks due to the high costs and the difficulty of regularly updating these systems, in addition to the aging of operating systems used in the medical industry.

In a cybersecurity alert, the US Department of Homeland Security (DHS) listed several details about devices that remain vulnerable to BlueKeep exploitation, including some telemetry and anesthesia delivery devices produced by the firm Spacelabs. Although the manufacturer released updates for some of the affected developments, many of its products are simple pieces of hardware that cannot receive updates, so they will remain exposed to BlueKeep exploitation.

DHS’s primary recommendation to potentially affected organizations is to block certain ports on their firewall to prevent potential attacks by threat actors from outside the enterprise network. However, this security measure does not prevent the exploitation of the flaw by hackers inside the compromised network, so additional measures are required. Its implementation depends on the characteristics of each single network, so this work is up to system administrators or IT teams.  

A couple of weeks ago, the International Institute of Cyber Security (IICS) stated the presence of various vulnerabilities in nearly 50% of all medical devices, so it is not the responsibility of a few manufacturers, but should be considered as a problem for the industry in general.