For U.S. healthcare professionals only.

INFORMATION TECHNOLOGY ADVISORY

Information on Orangeworm vulnerability

April 30, 2018

Bayer Radiology has performed an assessment of the below listed Orangeworm vulnerability, and, based on the current understanding and our internal research, we have determined that there is no immediate safety or security threat to Bayer Radiology medical devices, including MEDRAD® Stellant and MEDRAD® MRXperion control room units (Certegra® Workstations), Certegra® and VirtualCare™ devices, MEDRAD® Intego, and Certegra® Connect CT. This is due to the fact that the current primary attack vector is through phishing techniques, which are not supported on these Bayer Radiology medical devices. Bayer Radiology medical devices are not a primary entry point for a phishing-based attack such as Orangeworm, but are highly dependent on the strength of the network on which they are deployed. Bayer Radiology recommends regular network maintenance and patch updates to mitigate vulnerabilities, such as Orangeworm.

The Bayer Radiology Radimetrics™ Enterprise Platform is not impacted by this vulnerability, as it is a Linux-based system and does not rely on MS Windows.

We will continue to monitor the situation and the associated activity and provide updates as needed.

 

Potential Orangeworm vulnerability:

Trojan.Kwampirs

Trojan-type virus affecting MS Windows systems, which may open a back door on the compromised system and download potentially malicious files.

 

Information on Meltdown and Spectre security issue

January 15, 2018

Bayer Radiology is committed to product safety and security, and an integral element of the Bayer cyber response process is the ongoing global monitoring for cybersecurity signals. Bayer Radiology maintains a testing and monitoring infrastructure, complete with assessment and vulnerability analysis tools, that enables continuous awareness of industry threats. Currently, our Bayer Radiology CyberSecurity team is conducting risk and vulnerability assessments of the recently discovered Meltdown and Spectre vulnerabilities in order to determine potential impact on Bayer Radiology products.

Bayer Radiology will continue to monitor activity and updates associated with the Meltdown and Spectre vulnerabilities, including mitigation solutions being released by various entities. Bayer will continue to post updates regarding this security issue on this website. Customers
requiring further assistance should call Bayer at 1-877-229-3767.