DHS issues warning over cybersecurity vulnerabilities in Siemens imaging devices

DHS said vulnerabilities within four Siemens imaging devices could be exploited by low-skill attackers.

The Department of Homeland Security is warning providers about several cybersecurity vulnerabilities with molecular imaging products manufactured by Siemens.

The vulnerabilities, which give an attacker the ability to access the devices remotely, have been found in four imaging device running on Windows XP and Windows 7, according to advisories issued by DHS on Friday.

The agency noted that exploits for these vulnerabilities are publicly available and could be targeted by a low-skill attacker.

Siemens said it is updating the affected products and recommended running the devices on a dedicated network protected by a firewall or disconnecting the devices from the network and reconnecting only after a patch has been installed.

RELATED: For hospitals defending against cyberattacks, patch management remains a struggle

Siemens was one of several device manufacturers to report infections during the WannaCry attack in May. Meanwhile,  medical device cybersecurity was one of the many critical issues raised in a recent report by the Department of Health and Human Services Cybersecurity Task Force that also pushed for a “Cash for Clunkers”-type program to get legacy devices out of healthcare systems.

Some medical device manufacturers are pushing for industry-led cybersecurity standards, arguing that the government isn’t going to “ride in on a white horse” and solve the problem. At the same time, new legislation aims to require minimum testing requirements for medical devices.