Medical Computers, Equipment Phoning Home?

May 9, 2009

shtml

WASHINGTON--The Conficker Internet virus has infected important computerized

medical devices, but governmental red tape interfered with their repair, an

organizer of an anti-virus working group told Congress on Friday.

Rodney Joffe, one of the founders of an unofficial organization known as the

Conficker Working Group, said that government regulations prevented hospital

staff from carrying out the repairs.

" For 90 days these infected machines could easily be used in an attack,

including, for example, the leaking of patient information, " said Joffe, who

added that, " They also could be used in an attack that affects other devices on

the same networks, " quoted CNET.

Joffe said not only MRIs were seeking out the Conficker virus and that

" thousands " of hospital machines were vulnerable, said CNET, which pointed out

that machines could be anything from a PC on a desk to sensitive patient

devices.

Around March 24, researchers monitoring the worm noticed that an imaging machine

was reaching out over the Internet to get instructions — presumably from the

programmers who created Conficker.

The researchers discovered that more than 300 similar devices at hospitals

around the world had been compromised. The manufacturer of the devices told them

none of the machines were supposed to be connected to the Internet — and yet

they were.

Normally, the solution would be simply to install a patch, which Microsoft

released in October. But the device manufacturer said rules from the U.S. Food

and Drug Administration required that a 90-day notice before the machines could

be patched.

" For 90 days these infected machines could easily be used in an attack,

including, for example, the leaking of patient information, " said Rodney Joffe,

a senior vice president at NeuStar, a communications company that belongs to an

industry working group created to deal with the worm.

Recommended Posts