Rosslyn, VA, October 01, 2019 –(PR.com)– In response to the Food and Drug Administration’s (FDA) recent announcement about revelations of a suite of vulnerabilities known as “URGENT/11,” the Medical Imaging & Technology Alliance (MITA) today released a list of general recommendations for health delivery organizations (HDOs) to consider. Recognizing that the security of medical imaging is a shared responsibility, MITA is communicating this information to assist HDOs that may be concerned about the impact of the vulnerabilities on their systems.
The “URGENT/11” vulnerabilities reside in the TCP/IP stack (IPnet), a component of several Real-Time Operating Systems (RTOS), most notably in certain versions of VxWorks. The vulnerabilities are identified by the following CVE numbers:
CVE-2019-12255
CVE-2019-12256
CVE-2019-12257
CVE-2019-12258
CVE-2019-12259
CVE-2019-12260
CVE-2019-12261
CVE-2019-12262
CVE-2019-12263
CVE-2019-12264
CVE-2019-12265
MITA Recommendations for Healthcare Delivery Organizations
Contact your device manufacturer to obtain information about whether your device is impacted.
Ensure you follow the manufacturer’s process for making any changes and follow the appropriate backup and system restoration procedures.
Apply provided security updates to impacted devices as soon as they become available.
Ensure your networks are protected with appropriate mechanisms (e.g., firewalls, network segmentation, virtual private networks) and follow any recommended security guidelines provided by the manufacturer.
Additional Information
Vendor-specific security information is also available from many medical imaging manufacturers. Visit www.medicalimaging.org/urgent-11 to view the most up-to-date list of vendor-specific links. The list will continue to be updated as more information becomes available.
Baxter (https://www.baxter.com/product-security)
Canon Medical Systems USA (https://us.medical.canon/download/VXWorks)
Carestream (https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy)
Dräger (https://static.draeger.com/security/download/2019-07-29-WindRiver-VxWorks-Security-Advisory.pdf)
GE Healthcare (https://www.gehealthcare.com/security)
Philips (https://www.usa.philips.com/healthcare/about/customer-support/product-security)
Siemens Healthineers (https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity)
FUJIFILM Sonosite (https://www.sonosite.com/support/cybersecurity-alert-urgent-11)
The Medical Imaging & Technology Alliance (MITA), a division of NEMA, is the collective voice of medical imaging equipment manufacturers, innovators, and product developers. It represents companies whose sales comprise more than 90 percent of the global market for advanced medical imaging technology. For more information, visit www.medicalimaging.org. Follow MITA on Twitter @MITAToday.
WASHINGTON—The Office of the Comptroller of the Currency (OCC) today released enforcement actions taken against…
As Prepared for Delivery Good afternoon. It’s an honor to welcome President Clinton to Treasury today…
WASHINGTON – Today, as part of the 30th anniversary celebration of the Community Development Financial…
Treasury imposes sanctions on dozens of Russian banks, securities registrars, and finance officials; OFAC issues…
WASHINGTON—Acting Comptroller Michael J. Hsu today testified on the state of the federal banking system…
As Prepared for Delivery Thank you very much for the opportunity to be here today, and…