Technology.am (May 1, 2009) —A computer worm, known as “Conficker,” has crawled into hundreds of medical devices at dozens of hospitals in the US and other countries. It has not harmed any patients, but it poses a potential threat to hospital operations.
“A few weeks ago, we discovered medical devices, MRI machines, infected with Conficker,” said Marcus Sachs, director of the Internet Storm Center.
Researchers noticed that an MRI machines was reaching out over the Internet to get instructions — presumably from the programmers who created Conficker.
The researchers discovered that more than 300 similar devices at hospitals around the world had been compromised.
The MRI device manufacturer told them none of the machines were supposed to be connected to the Internet and yet they were. And because the machines were running an unpatched version of Microsoft’s operating system used in embedded devices they were vulnerable.
The solution would be simply to install a patch. But the device manufacturer said rules from the U.S. Food and Drug Administration required that a 90-day notice be given before the machines could be patched. “For 90 days these infected machines could easily be used in an attack, including, for example, the leaking of patient information,” said Rodney Joffe, a senior vice president at NeuStar, a communications company.