November 22, 2019
Bayer has performed an assessment of the recently announced URGENT/11 vulnerability, which affects VxWorks. VxWorks is the most widely used real-time operating system(RTOS) in the world, and Bayer uses it in some of our devices. The vulnerability resides in the VxWorks TCP/IP stack(IPnet), impacting all versions since version 6.5.
Based on our analysis, we have determined that no Bayer devices are affected by the URGENT/11 vulnerability, due to the versions that we employ in our devices.
Product security and safety are of tremendous importance to Bayer, and we will continue to monitor the situation and the associated activity and provide updates, as needed.
Support for Microsoft® Windows 7 is ending – understand the transition plan for your Bayer device
October 29, 2019
Microsoft® has announced an important product lifecycle milestone for its Windows 7 Operating System, which may have an impact on your Bayer device.
In 2020, Microsoft will discontinue support of Windows 7, which means that it will no longer provide security updates, software updates or technical support for the Operating System.
How does this milestone impact your Bayer device?
Bayer has decided that in order to effectively support fielded devices while providing customers with the latest Microsoft Operating System, it will proactively migrate all compatible* Windows-based Bayer devices to Windows 10.
If your facility has a Bayer device in service that is operating on Windows 7 or Windows XP, Bayer has a plan to support your transition to Windows 10, whether through a product software update or an equipment platform upgrade.
What is the transition plan for your Bayer device?
If your facility has one or more of the devices below in service, it is likely running on Windows 7 or Windows XP. Please click on the product links below to understand the detailed transition plan for your device.
- MEDRAD® Stellant CT Injection System with Certegra® Workstation running Certegra Software v4.4 or earlier
- MEDRAD® MRXperion Injection System with Certegra® Workstation running Certegra Software v4.4 or earlier
- VirtualCARE™ Remote Support hardware used with MEDRAD® Stellant Classic, MEDRAD® Spectris Solaris EP, MEDRAD® Mark 7 Arterion and MEDRAD® Avanta Injection Systems
- MEDRAD® Intego 200 PET Infusion System
- Certegra Box connected to a MEDRAD® Stellant Classic CT Injection System
In addition, please be aware that due to the transition to Windows 10, the current antivirus protection on Bayer devices running Windows 7 and Windows XP will not be renewed beyond January 2020. †
Don’t see your Bayer device on the list?
Some Bayer devices are already operating on Microsoft Windows 10 and others do not operate on a Microsoft Windows-based platform. Therefore, they are not affected by Windows 7 end of support:
- MEDRAD® Stellant FLEX CT Injection System
- Standalone MEDRAD® Stellant Classic, MEDRAD® Spectris Solaris EP, MEDRAD® Mark 7 Arterion and MEDRAD® Avanta Injection Systems
- MEDRAD® EnVision, MEDRAD® Spectris and MEDRAD® Provis Injection Systems
Bayer is committed to helping your facility through the transition from Windows 7 to Windows 10. Please continue to visit Bayer in Radiology’s Information Technology Advisory web page to receive ongoing updates on the migration process or contact Bayer Service at 1-877-229-3767 for support.
*The Certegra Box is a legacy device that predates Bayer’s three generations of Certegra® Workstation technologies. As such, it is not compatible with Windows 10. Bayer offers several upgrade pathways to assist customers with the transition from the Certegra Box to the Certegra® Workstation 3.0. Please contact your local Bayer Sales Representative for more information.
† The MEDRAD® Intego 200 PET Infusion System does not utilize the same antivirus software as the MEDRAD® Stellant CT Injection System, the MEDRAD® MRXperion Injection System and the VirtualCARE™ Remote Support hardware. As such, the timeline for migration to Windows 10 for the Intego 200 product line is different. Please refer to the product links above for more information.
Information on Orangeworm vulnerability
April 30, 2018
Bayer Radiology has performed an assessment of the below listed Orangeworm vulnerability, and, based on the current understanding and our internal research, we have determined that there is no immediate safety or security threat to Bayer Radiology medical devices, including MEDRAD® Stellant and MEDRAD® MRXperion control room units (Certegra® Workstations), Certegra® and VirtualCare™ devices, MEDRAD® Intego, and Certegra® Connect CT. This is due to the fact that the current primary attack vector is through phishing techniques, which are not supported on these Bayer Radiology medical devices. Bayer Radiology medical devices are not a primary entry point for a phishing-based attack such as Orangeworm, but are highly dependent on the strength of the network on which they are deployed. Bayer Radiology recommends regular network maintenance and patch updates to mitigate vulnerabilities, such as Orangeworm.
The Bayer Radiology Radimetrics™ Enterprise Platform is not impacted by this vulnerability, as it is a Linux-based system and does not rely on MS Windows.
We will continue to monitor the situation and the associated activity and provide updates as needed.
|Potential Orangeworm vulnerability:|
Trojan-type virus aﬀecting MS Windows systems, which may open a back door on the compromised system and download potentially malicious files.
Information on Meltdown and Spectre security issue
January 15, 2018
Bayer Radiology is committed to product safety and security, and an integral element of the Bayer cyber response process is the ongoing global monitoring for cybersecurity signals. Bayer Radiology maintains a testing and monitoring infrastructure, complete with assessment and vulnerability analysis tools, that enables continuous awareness of industry threats. Currently, our Bayer Radiology CyberSecurity team is conducting risk and vulnerability assessments of the recently discovered Meltdown and Spectre vulnerabilities in order to determine potential impact on Bayer Radiology products.
Bayer Radiology will continue to monitor activity and updates associated with the Meltdown and Spectre vulnerabilities, including mitigation solutions being released by various entities. Bayer will continue to post updates regarding this security issue on this website. Customers
requiring further assistance should call Bayer at 1-877-229-3767.