The Medical Imaging & Technology Alliance Offers Guidance on Mitigating FDA-Announced URGENT11 Vulnerabilities in Medical Imaging Devices

The Medical Imaging & Technology Alliance Offers Guidance on Mitigating FDA-Announced URGENT11 Vulnerabilities in Medical Imaging Devices

Rosslyn, VA, October 01, 2019 –(PR.com)– In response to the Food and Drug Administration’s (FDA) recent announcement about revelations of a suite of vulnerabilities known as “URGENT/11,” the Medical Imaging & Technology Alliance (MITA) today released a list of general recommendations for health delivery organizations (HDOs) to consider. Recognizing that the security of medical imaging is a shared responsibility, MITA is communicating this information to assist HDOs that may be concerned about the impact of the vulnerabilities on their systems.

The “URGENT/11” vulnerabilities reside in the TCP/IP stack (IPnet), a component of several Real-Time Operating Systems (RTOS), most notably in certain versions of VxWorks. The vulnerabilities are identified by the following CVE numbers:

CVE-2019-12255
CVE-2019-12256
CVE-2019-12257
CVE-2019-12258
CVE-2019-12259
CVE-2019-12260
CVE-2019-12261
CVE-2019-12262
CVE-2019-12263
CVE-2019-12264
CVE-2019-12265

MITA Recommendations for Healthcare Delivery Organizations

Contact your device manufacturer to obtain information about whether your device is impacted.

Ensure you follow the manufacturer’s process for making any changes and follow the appropriate backup and system restoration procedures.

Apply provided security updates to impacted devices as soon as they become available.

Ensure your networks are protected with appropriate mechanisms (e.g., firewalls, network segmentation, virtual private networks) and follow any recommended security guidelines provided by the manufacturer.

Additional Information

Vendor-specific security information is also available from many medical imaging manufacturers. Visit www.medicalimaging.org/urgent-11 to view the most up-to-date list of vendor-specific links. The list will continue to be updated as more information becomes available.

Baxter (https://www.baxter.com/product-security)

Canon Medical Systems USA (https://us.medical.canon/download/VXWorks)

Carestream (https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy)

Dräger (https://static.draeger.com/security/download/2019-07-29-WindRiver-VxWorks-Security-Advisory.pdf)

GE Healthcare (https://www.gehealthcare.com/security)

Philips (https://www.usa.philips.com/healthcare/about/customer-support/product-security)

Siemens Healthineers (https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity)

FUJIFILM Sonosite (https://www.sonosite.com/support/cybersecurity-alert-urgent-11)

The Medical Imaging & Technology Alliance (MITA), a division of NEMA, is the collective voice of medical imaging equipment manufacturers, innovators, and product developers. It represents companies whose sales comprise more than 90 percent of the global market for advanced medical imaging technology. For more information, visit www.medicalimaging.org. Follow MITA on Twitter @MITAToday.­­­­­

Leave a comment

Your email address will not be published. Required fields are marked *