Medical Device Security
In an effort to maintain product security and customer satisfaction, Mindray evaluates known cybersecurity threats. These efforts include identifying to what extent known threats can impact patient care as well as the efficacy of released patches pertaining to any particular Mindray embedded operating system version.
On May 3, 2022, Armis Research published a report called TLStorm 2.0. Armis discovered five vulnerabilities in the implementation of TLS communications in multiple models of Aruba and Avaya switches. Switches from both vendors were found to be vulnerable to remote code execution (RCE) that can be exploited over the network.
On December 9, 2021, a high-severity vulnerability (CVE-2021-44228), referred to as Log4j2, was published on GitHub. It impacts Apache Log4J, and the affected versions range from 2.0 to 2.14.1. Exploitation of the vulnerability can cause unauthenticated remote code execution.
On November 9, 2021, Forescout Research published a report called NUCLEUS:13. The report details their research into Nucleus NET, the TCP/IP stack of the Siemens-owned Nucleus real-time operating system (RTOS), in which they found 13 new vulnerabilities. These vulnerabilities pose security risks to devices using the Nucleus RTOS.
Print Nightmare Security
On July 7, 2021, Microsoft released “Out-of-Band” patches to address security vulnerabilities affecting the Windows operating system. These vulnerabilities are commonly known as “Print Nightmare” or “Chaos Print Nightmare”. The released patches (for CVE-2021-1675 and CVE-2021-34527) address weaknesses which, if exploited, would allow a hacker to run arbitrary code with system-level privileges.
On October 1, 2019, the FDA issued a Safety Communication regarding the Urgent/11 cybersecurity vulnerabilities. These vulnerabilities exist in a third-party software component, IPNet, used for network communications. IPNet is utilized in several real-time operating systems which may be incorporated into some medical devices. Mindray has not used and does not use the identified operating systems in any product sold in North America.
The WannaCry worm, identified in May 2017, impacted Windows operating systems around the world. Microsoft released a patch (MS17-010) to address the vulnerabilities exploited by the WannaCry worm. Mindray has evaluated this patch and is ready to deploy it where applicable. If you feel you have been exposed to WannaCry and would like more information, please contact the Mindray Technical Support HIS group.
The Petya malware was first identified in March 2016. Microsoft addressed the vulnerabilities exploited by the Petya malware in the Microsoft patch MS17-010. Mindray has evaluated this patch and is ready to deploy it where applicable. If you feel you have been exposed to the Petya malware and would like more information, please contact the Mindray Technical Support HIS group.