Conficker Worm Infects Hospital MRI Machines

May 11, 2009

(ChattahBox)—The Conficker worm has found its way into nearly 300 MRI machines and other hospital equipment that’s connected to the Internet, say security experts who are monitoring the massive computer worm. Security workers at the Internet Storm Center, tracked Conficker to an MRI machine in a hospital when the machine’s computer connected to the worm’s command and control center for instructions.

The security breach was discovered in March in just one hospital and since that time, the Worm’s trackers have discovered that Conficker infected hundreds of MRI machines so far, in hospitals throughout the United States and around the world.

This alarming discovery has hospital administrators concerned that the Conficker worm will threaten hospital operations and pose a serous risk to the security of patients’ records. The Conficker worm was developed by a gang of cyber criminals and it’s not clear what the authors of the worm intend to do with it.

The presence of the Conficker worm has not caused physical harm to any patients while undergoing MRI imaging, experts say.

The Conficker worm is what’s known as a botnet, a massive collection of infected zombie computers that are programmed to call into a command center for instructions on how to spread its malware and spam.

On April 1, the Conficker worm rewrote its code and is now thought to control nearly 50,000 domains, rendering it nearly unstoppable. The worm is so massive and powerful now; it can bypass antivirus programs and even Microsoft’s security update features.

And now it’s known that any sort of device that’s connected to the Internet is vulnerable to attack, even hospital machines.

When security experts uncovered the infection in MRI machines, many hospital administrators didn’t even know the machines were connected to the Internet. The manufacturers of the MRI equipment said the machines should not have been connected to the Internet, but many hospitals failed to follow manufacturers’ instructions.

What’s worse, since many hospitals were unaware the MRI machines had Internet access, they were not properly protected with Windows security patches, making them vulnerable to infection.

Despite the grave security threat to patient records, the MRI manufacturers say FDA rules mandate they submit a 90-day notice before the machines can be repaired with the Microsoft patch, correcting the security vulnerability in its browser, Internet Explorer.

Security experts are now concerned about the havoc the Conficker worm could wreck on hospital operations in three months. The infection could further spread and patient information could possibly be leaked during the 90-day waiting period.

Source


Comments

9 Responses to “Conficker Worm Infects Hospital MRI Machines”

  1. Computer Security - Hackers breach UC Berkeley computer database - Bismarck Tribune | Gadgets And Computers. on May 11th, 2009 7:17 am

    […] Conficker Worm Infects Hospital MRI Machines – Chattahbox.com(ChattahBox)—The Conficker worm has found its way into nearly 300 MRI machines and other hospital equipment that’s connected to the Internet, say security experts who are monitoring the massive computer worm. Security workers at the Internet […]

  2. Elite Health on May 16th, 2009 2:36 am

    Isnt it natural for us to believe we are healthy and not suffering from any disease ? I had a similar thought process until my physician asked me to get a heart scan done after he found that my basic cardiograms were not perfect. I discovered that there were calcium deposits in my coronary arteries and I was at a serious risk of a heart attack. I was shocked and went ahead with the Cardiologist’s suggestion of an advanced diagnostic scan. Though its always tough to undergo such experiences,I was not at any kind of discomfort at the Elitehealth.com advanced heart scan facility. I am not an expert in medical appliance and machines but could feel that the equipment was world-class and I was in safe hands. That feeling is really very important for me and that’s how it actually went on. The facilities for Full Body Scan were as good as they can get.

    http://www.elitehealth.com/heart_scans.php

  3. Eye on Microsoft: This Week’s Security Hall of Shame | Boycott Novell on May 18th, 2009 5:17 pm

    […] Conficker Worm Infects Hospital MRI Machines The Conficker worm has found its way into nearly 300 MRI machines and other hospital equipment […]

  4. Eye on Microsoft: This Week’s Security Hall of Shame | All about MICROSOFT on May 18th, 2009 5:21 pm

    […] Conficker Worm Infects Hospital MRI Machines The Conficker worm has found its way into nearly 300 MRI machines and other hospital equipment […]

  5. The Mad Hatter on May 19th, 2009 11:05 am

    What sort of idiot uses Windows to run a diagnostic machine?

    Possibly the machine manufacturer should be sued for building a defective device, both for using Windows, and also for building in a working ethernet port. And most assuredly Microsoft should be sued, for building an operating system that is full of security flaws.

  6. Tech Thoughts Daily Security Alerts – May 19, 2009 « Bill Mullins’ Weblog – Tech Thoughts on May 19th, 2009 11:33 am

    […] Conficker Worm Infects Hospital MRI Machines – The Conficker worm has found its way into nearly 300 MRI machines and other hospital equipment that’s connected to the Internet, say security experts. […]

  7. DJ on May 21st, 2009 10:14 am

    I’m a technical expert in the field of MRI and recognize the machine in your photo. The OEM of these systems uses UNIX, IRIX, or Linux; Conficker exploits vulnerabilities In Microsoft Windows.

    Other OEMS (i.e. Siemens) do use the Windows OS on their systems.

  8. MRI Depot on July 27th, 2009 10:45 pm

    @ mad hatter – you are right about the flaw in the system for using a windows based system – however DJ is right, only the siemens use the Windows OS on their systems. As for the ethernet cables they are a required part of the machine for operation. The ethernet cables are used to transmit data from the MRI machines to printers, other computers or third party contractors for reviewing the images of the MRI.

  9. Computer Support on September 15th, 2009 9:58 am

    The Conficker worm has found its way into nearly 300 MRI machines and other hospital equipment that’s connected to the Internet, say security experts who are monitoring the massive computer worm. Security workers at the Internet.. Microsoft should be sued, for building an operating system that is full of security flaws.

Got something to say? **Please Note** - Comments may be edited for clarity or obscenity, and all comments are published at the discretion of ChattahBox.com - Comments are the opinions of the individuals leaving them, and not of ChattahBox.com or its partners. - Please do not spam or submit comments that use copyright materials, hearsay or are based on reports where the supposed fact or quote is not a matter of public knowledge are also not permitted.