“A computer worm that has alarmed security experts around the world has crawled into hundreds of medical devices at dozens of hospitals in the United States and other countries, according to technologists monitoring the threat,” Elise Ackerman reports for The Mercury News.
“The worm, known as ‘Conficker,’ has not harmed any patients, they say, but it poses a potential threat to hospital operations,” Ackerman reports.
“‘A few weeks ago, we discovered medical devices, MRI machines, infected with Conficker,’ said Marcus Sachs, director of the Internet Storm Center, an early warning system for Internet threats that is operated by the SANS Institute,” Ackerman reports.
“The manufacturer of the devices told them that none of the machines were supposed to be connected to the Internet — and yet they were. And because the machines were running an unpatched version of Microsoft’s operating system used in embedded devices, they were vulnerable,” Ackerman reports.
“Normally, the solution would be to simply install a patch, which Microsoft released last October,” Ackerman reports. “But the device manufacturer said rules from the U.S. Food and Drug Administration required that a 90-day notice be given before the machines could be patched.”
MacDailyNews Take: Combining Microsoft and the U.S government is like crossing the streams. Don’t cross the streams. Try to imagine all human progress being erased in real-time. Total reversal of the space-time continuum. Real wrath of God type stuff.
Ackerman continues, “‘For 90 days these infected machines could easily be used in an attack, including for example, the leaking of patient information,’ said Rodney Joffe, a senior vice president at Neustar, a communications company that belongs to an industry working group created to deal with the worm. ‘They also could be used in an attack that affects other devices on the same networks.'”
“In addition to the medical-imaging machines, Joffe said the working group has seen thousands of other machines located in hospitals reach out to the Conficker mastermind by contacting another computer on the Internet for instructions. Researchers have not determined the function of these machines. They could be a personal computer sitting on a secretary’s desk or more sensitive medical devices linked to patient care,” Ackerman reports.
“And the danger isn’t contained to hospitals,” Ackerman reports. “‘Microsoft Windows is a common operating system for embedded devices that is used in all industries,’ Joffee said. ‘There is no reason to believe that other industries don’t have the same problem.'”
Full article here.