Hospital Equipment Infected With Conficker
nandemoari writes "Recently, the Conficker/Downadup worm infected several hundred machines and critical medical equipment in an undisclosed number of US hospitals.
The attacks were not widespread; however, Marcus Sachs, director of the SANS Internet Storm Center, told CNET News that it raises the awareness of what we would do if there were millions of computers infected in hospitals or in critical infrastructure locations.
It's not clear how the devices (including heart monitors, MRI machines and PCs) got infected. Infected computers were running Windows NT and Windows 2000 in a local area network (LAN) that wasn't supposed to be Internet accessible, but the LAN was connected to one with direct Internet access.
A patch was released by Microsoft last October that fixes the problem, but the computers infected were reportedly too old to be patched."
The biggest issue here is that Medical Equipment has to be run through an FDA Validation process. If you make changes to the system, you have to revalidate, and Validation takes months and $100K's. So the vendors leave them as-is.
What's frustrating is that these systems need to be on a LAN, since they need to report their results to other clinical systems. So these small islands need to be linked other islands, and eventually, someone screws up and links an island with an Internet connection . . . .