Support Site For Hospital Respirators Found Riddled With Malware

chicksdaddy writes "A web site used to distribute software updates for a wide range medical equipment, including ventilators has been blocked by Google after it was found to be riddled with malware and serving up attacks. The U.S. Department of Homeland Security is looking into the compromise. The site belongs to San Diego-based CareFusion Inc., a hospital equipment supplier. The infected Web sites, which use a number of different domains, distribute firmware updates for a range of ventilators and respiratory products. Scans by Google's Safe Browsing program in May and June found the sites were rife with malware. For example, about six percent of the 347 Web pages hosted at Viasyshealthcare.com, a CareFusion Web site that is used to distribute software updates for the company's AVEA brand ventilators, were found to be infected and pushing malicious software to visitors' systems."

Probably not singled out

[dmomo]

A lot of sites are infected by bots who probe domains for tell-tale signs of security holes. Take a look at the logs for any website. You'll see regular GET requests from thousands of ip addresses looking for pages of well known applications (like phpmyadmin).

The site was probably running some package with a hole in it.

I run a url-shortner. Links to such compromised sites are always being further obfuscated through the shortner. It's a never ending process.

They will be fine

[Billly+Gates]

All the hospitals I worked on still use IE 6 and XP SP 2 which has not had an update in over 2 years with +100 exploits. With that and some of the most top IT and well paid infrastructures in the industry I can't see how anything could go wrong?

Re:They will be fine

I am a contractor so yes it was past tense.

The issue I am making fun of is hospitals have LARGE amounts of devices that are internet enabled like $300,000 cat scan machines that PDF and email documents and are managed only via IE 6 as they were made in a different era when that was the gold standard before Firefox was anything but a cheap amature internet thingie a half decade ago. They almost always use very obsolete platforms with 256 megs of ram, IE 6, etc. The budget analysts folks are under heavy pressure to cut costs and IT is always the cost center at the end of day.

Worse many devices have support contracts dictating you use IE 6 or IE 7 before we will even talk to you on the phone. All equipment must be medical certified which takes years to process so they are even further behind compared to vanilla corporate America. This was the case with the EPIC project I was working on.

I was dumb founded when they had me installing XP SP 2 on these new icore 5s. At least XP SP 3 gets patches. Looking at ColdWetdog's website I believe I worked for his employer possible in 2011 early last year and maybe they did plan on upgrading. If it was in Anchorage where the center facility is based I will certainly get a good laugh :-)

If they went to at least XP SP 3 by now then that is patched I will be happy. There were no talks of that at the time as I asked the IT department WTF etc. Equipment and medical software are very very expensive and is always years behind the competition. In Canada they still use Windows 2000 and IE 5.5 web apps because it is cost prohibitive to change and things like COWS (Computer On Wheels) have very narrow specifications where the company will void your warranty if you touch it.

Locking systems down to exact time frames is wrong and is negligent in this new day and age I agree. I hope McKesson and StarChart certainly do just follow standards as hospitals should be more state of the art in technology and not techno-phobic so to speak. WIth such pricy and expensive testing it makes sense to keep the budget to hire more nurses and doctors than to keep IT going if their systems are just something a secretary uses to remind patients when their next appointment is. The medical database project at least tied all of Alaska, Washington, and Oregon together with a unified patient record which now makes IT a lot more important.

Assisted suicide just got easier

[deatypoo]

Your honor, I swear, grandma was hacked!

Re:Oh nos, they shut down the Google!

[andymadigan]

This is Google's Safe Browsing function. It's their attempt to flag potentially dangerous sites. IT's not intended to block access to the site entirely, merely warn that it's been infected. It's up to the people who manage the site to fix it.

Re:So what

Possibly - but the most malware-infected sites are sometimes the ones you wouldn't expect. Charities. Churches. Fraternal organizations. Anyplace where the servers are operated and maintained by volunteers who don't have a financial stake in the organization's operations, and who don't have a good background in security.

Porn sites, on the other hand, are run by businesses who expect repeat business, and can't afford to scare customers away with malware. Their sites are much LESS likely to be infected, because they have professional IT staffs.

You get the IT support you pay for.

Re:I don't get it...

[dalias]

The problem is that the malware might offer a backdoor for someone to intentionally compromise the integrity of the medical device firmware. Even if it doesn't, the fact that the site is vulnerable means somebody else who's actually skilled (unlike the dumb sks/bots) could independently obtain access for the purpose of modifying the firmware.