Forget sexy zero-days. Siemens medical scanners can be pwned by two-year-old-days

Hackers can exploit trivial flaws in network-connected Siemens' medical scanners to run arbitrary malicious code on the equipment. These remotely accessible vulnerabilities lurk in all of Siemens' positron emission tomography and computed tomography (PET-CT) scanners running Microsoft Windows 7. These are the molecular imaging …

  1. FlamingDeath Bronze badge

    I'm not sure if the hackers are the worry in this case

    I'd be more concerned with the gamma-emitting isotopes being injected into my bloodstream.

    Sociopaths tend to gravitate towards positions of power, the medical industry is no different.

    1. Anonymous Coward

      Re: I'm not sure if the hackers are the worry in this case

      I wonder how long your ill-informed smartass attitude would last should you actually find yourself in need of a scan for a tumour, say?

      1. FlamingDeath Bronze badge

        Re: I'm not sure if the hackers are the worry in this case

        "ill-informed smartass attitude"

        Oh I don't know, I suspect I would secretly be thankful for the early demise. You, you want to stick around?

        Now who is the ill-informed smartass?

        1. Pompous Git Silver badge

          Re: I'm not sure if the hackers are the worry in this case

          "Oh I don't know, I suspect I would secretly be thankful for the early demise."
          Stated with great confidence, no doubt. My brother refused treatment for his cancer because of irrational fear of gamma radiation. He died a very gruesome death.

          Me? I'm sticking around. I've been irradiated a few times, and survived cancer.

          Evidence for beneficial low level radiation effects and radiation hormesis

    2. Notas Badoff

      Re: I'm not sure if the hackers are the worry in this case

      My partner has had perhaps an even dozen PET scans in the last 3.5 years. They are a godsend for definite answers. When the cancer is potentially as mobile as this one, they told exactly where and how much was involved, and then the progress against the cancer. And perhaps even more important (now) they say that 3 years post stem cell transplant "still clear". Some like that kind of reassurance, y'kno?

      So given that in the developed world one in three of us or someone very close to us will get cancer, I am very glad for the possibility for definite answers.

    3. Anonymous Coward

      Re: I'm not sure if the hackers are the worry in this case

      Similar to the idea that radon in your basement is a greater danger to you than mad scientists:

      "In a human body of 70 kg mass, about 4,400 nuclei of 40K (potassium isotope) decay per second. The activity of natural potassium is 31 Bq/g. About 0.001% of these 40K decays produce about 4000 natural positrons per day in the human body."

      This from 'positron' article on Wikipedia. Share and Enjoy!

    4. Pompous Git Silver badge
      FAIL

      Re: I'm not sure if the hackers are the worry in this case

      "I'd be more concerned with the gamma-emitting isotopes being injected into my bloodstream."
      Stop eating Brazil nuts then. And bananas and potatoes while you're at it.

      1. Doctor Syntax Silver badge

        Re: I'm not sure if the hackers are the worry in this case

        "Stop eating Brazil nuts then. And bananas and potatoes while you're at it."

        In fact, stop eating any food except salt and water. About 12 dpm (weak beta) per gram of carbon from the carbon 14.

        1. Pompous Git Silver badge

          Re: I'm not sure if the hackers are the worry in this case

          "In fact, stop eating any food except salt and water. About 12 dpm (weak beta) per gram of carbon from the carbon 14."
          How to upset a greenie. Tell them that if it's genuine biofuel it's radioactive. Fossil fuel isn't.

          1. ibmalone Silver badge

            Re: I'm not sure if the hackers are the worry in this case

            No? Fossil fuels aren't pure carbon https://www.scientificamerican.com/article/coal-ash-is-more-radioactive-than-nuclear-waste/

        2. apveening Silver badge

          Re: I'm not sure if the hackers are the worry in this case

          I am none too sure about the water either, there is some Hydrogen3 oxide around as well.

          1. Doctor Syntax Silver badge

            Re: I'm not sure if the hackers are the worry in this case

            "I am none too sure about the water either, there is some Hydrogen3 oxide around as well."

            AFAICR we weren't terribly worried about tritium in the water that went into the benzene synthesis for the carbon dating system although it might well have been because it could be reasonably well separated in the kick-sorter. Radon in the water supply from the Mournes was a different matter...

      2. Destroy All Monsters Silver badge
        Windows

        Re: I'm not sure if the hackers are the worry in this case

        "I'd be more concerned with the gamma-emitting isotopes being injected into my bloodstream."

        Why?

        Don't you like to consort with grown men in spandex and gaily jump from one high-rise to the next?

    5. ibmalone Silver badge

      Re: I'm not sure if the hackers are the worry in this case

      Paranoid much? Please see https://www.gov.uk/government/publications/ionising-radiation-dose-comparisons/ionising-radiation-dose-comparisons a PET scan comes in at slightly less than whole body CT or a year in Cornwall. You would have incredible difficulty injecting any more than that, partly due to the level of control on radioactive materials, and partly because the positron emitting isotopes (you do end up with gamma shortly afterwards) have very short lifetimes (longest half-life 110min for 18F, also means stockpiling not possible) and in most centres will have been manufactured somewhere else and ferried (very quickly) to you after going through aforementioned radioactive substances handling processes. A medical physicist has to evaluate the imaging protocols used, which includes the dosing.

      So, I'm not sure what you're suggesting these power-crazed radiographers will do, but if it's some mad Harold Shipman style plot to very slightly increase people's risk of cancer over the rest of their lifetime then they would have a very hard time of it.

  2. Doctor Syntax Silver badge

    What is it with Siemens? We read similar things about their industrial control equipment and it's not as if they're some newbie start-up.

    1. Notas Badoff

      I'm totally amazed that the department of security theatre is able to help fix the theatre of the absurd (being Siemens). How bad is that?

    2. Anonymous Coward

      Have you ever worked with Siemens?

      1. Anonymous Coward

        Have you ever worked with Siemens?

        I have. Competent engineers, but management that I wouldn't trust with as much as a pencil.

        That said, I'm staggered that anyone would use Windows for a machine with a lifespan of more than a year :).

        1. Zane

          Same impression here

          Exactly.

          The developers are good. Decision for the operating systems seems to be business decision. Strategic partnership with Microsoft. I am tempted to say "I told you so".

          1. Anonymous Coward

            Re: Same impression here

            For a long time, medical equipment chose Windows because you had many tools (development environments and libraries) to quickly write applications with a complex GUI, and print out or export results. None of these machines are run from the command line, and the result shown in ASCII, believe me.

            The biggest roadblock for Linux was - and is - the lack of such tools and libraries. Qt & friends - besides being far more complex to use - lacked many of the specific libraries for medical imaging, and GUI widgets.

            Sure, some environments like CERN and some universities have legions of undergraduates to attempt something in *nix; most commercial companies don't have such a source of underpaid developers, and a good GUI is also a sales advantage.

            The contempt greybeards always shown towards GUI applications, and any tool designed to ease their development, is one of the reasons Linux has a 3% market share on desktop systems.

            1. Will Godfrey Silver badge
              Unhappy

              That lot again?

              If it's anything like their PLCs the kit will leak like a sieve, be a nightmare to program and massively over-priced.

            2. Doctor Syntax Silver badge

              Re: Same impression here

              "The contempt greybeards always shown towards GUI applications, and any tool designed to ease their development, is one of the reasons Linux has a 3% market share on desktop systems."

              The reason Linux has 3% market share on the desktop is because of years of Microsoft leaning on H/W manufacturers to ship Windows and only Windows pre-installed.

              Years ago, late '80s or maybe 1990 we were running a Unix box with an NCD X-terminal. As a cheaper way of getting more X-terminals we installed a very early version of Windows on PCs as there was X-server S/W available for them (note that in X the applications are clients - the server provides the display service). That's right, the function of Windows was as a platform to display the real GUI which was that of the Unix box. Eventually Microsoft picked up a few GUI tricks that had been kicking around in the Unix world for years and stuck them together to make Win 95. Admittedly they hit a sweet spot with the combination but pretty well everything that went into that had been around in Unix for years, together with some New Wave stuff that HP had devised to improve the functionality of Win 3.x. Up to then, and for a good while afterwards, any serious graphical workstation was a Unix box.

              And way before that, maybe 1980ish, we had analytical instruments using graphical displays way before Gates got QDOS at a knock-down price. I remember a Micro-Nova driving an X-Ray microprobe back at that sort of time.

              TL;DR Windows was a late-comer in the GUI game and even then it took a few years to grab enough ideas to become usable.

              1. Pompous Git Silver badge

                Re: Same impression here

                "The reason Linux has 3% market share on the desktop is because of years of Microsoft leaning on H/W manufacturers to ship Windows and only Windows pre-installed."
                That's the myth. The reality back in the 1990s was that Lunix had decided to adopt a version of ISO 8859 character set that excluded typographers' quotes, the en dash, the em dash, the ellipsis and several useful ligatures. Microsoft, Lotus, Digital Equipment Corp and Commodore had adopted an earlier version of ISO 8859 that's called Windows ANSI.

                Hence the quotes around “this” in Windows ANSI were either ("), or `` for the opening quote and (") for the closing quote. Missing also were †, ‡, €, ƒ, ‰, and ™.

                For those of us in publishing, Lunix had effectively put itself out of the running, even had DTP software of the calibre of Pagemaker, Ventura, or QuarkXPress been available. The introduction of proper typographers' marks in Windows and MacOS word processors meant any correspondence generated on Linux looked distinctly amateurish. It's not only MS that shoots itself in the foot.

                It's also part of the myth that you could only purchase a PC with Windows installed. Apart from portables, only two out of dozens of PCs I've purchased came with an OS.

                Edit: dunno why I can't get inch marks to display here. [sigh]

                1. Pompous Git Silver badge
                  Facepalm

                  Re: Same impression here

                  "the quotes around “this” in Windows ANSI"
                  Should of course read: "the quotes around “this” in ISO 8859-1", that being the Western European Character Set that Linux adopted.

            3. Paul Hovnanian Silver badge

              Re: Same impression here

              "For a long time, medical equipment chose Windows because you had many tools (development environments and libraries) to quickly write applications with a complex GUI, and print out or export results."

              *NIX systems (and others) had had a GUI and supporting libraries since before Windows 1.0. What they did not have was a WYSIWYG IDE for creating these GUIs.

              Which turns out to be not much of an impediment. In practically every application which offers both a point and click as well as a keyboard input (like AutoCAD, for example), skilled users tend to rely on the keyboard input. Skilled users like the developers of complex medical imaging applications (I would hope). What the point-and-click or drag-and-drop environment does is impress management. Who don't have the same skill sets and extrapolate their ability to MS Paint a simple app to the output of their s/w department's productivity.

              I've built a few enterprise web applications using vi. With management continually looking over my shoulder, asking if some web tool set would be faster. Given the amount of time I'd have to spend with a text editor, repairing broken HTML and filling in generated function stubs; Nope. Might as well just use a text editor from the start.

              1. Adam 52 Silver badge

                Re: Same impression here

                "Skilled users like the developers of complex medical imaging applications"

                You seem to have ignored orthopaedic surgeons in your user list. They tend not to be too good with command lines.

                Don't understand why the natural default to not Windows is Linux; any Linux would have its own collection of bugs.

              2. sabba

                Re: Same impression here

                Nothing wrong with using vi to create a GUI based application. X-Windows and Motif, however, were a whole together different kettle of fish. Did the job, but buggy as hell, and highly idiosyncratic. If it weren't for the flakiness of that particular platform, I doubt that O'Reilly publishing would be the power house it is today. They were the only ones who published any halfway decent books on the platform.

                1. Paul Hovnanian Silver badge

                  Re: Same impression here

                  "X-Windows and Motif, however, were a whole together different kettle of fish. Did the job, but buggy as hell, and highly idiosyncratic."

                  To an extent, yes. But with a bit of practice and attention to (poorly documented) details, it wasn't that difficult. I never had an opportunity to do much X/Motif development. But I have done some Perl/Tk interfaces. Not really all that difficult.

                  "If it weren't for the flakiness of that particular platform, I doubt that O'Reilly publishing would be the power house it is today."

                  If I recall my last peek at my O'Reilly manuals, they were little more than reprints of the X/Motif man pages. Back in my days at Boeing, we got a set of these shipped with every HP workstation. Most of them ended up in the dumpster, never unwrapped. So I have got a complete set at home (somewhere).

              3. Halfmad Silver badge

                Re: Same impression here

                "Which turns out to be not much of an impediment. In practically every application which offers both a point and click as well as a keyboard input (like AutoCAD, for example),"

                Ex-draughtsman here, worked on DOS versions of AutoCAD all the way to Windows 95! Keyboard input was the way to go, mouse in right hand, left hand mashing various keys to manipulate what I was drawing at the time.

                Yes there were GUIs especially in 95, but they were almost always slower unless buttons linked to macros we'd setup for snapping at pre-set distances etc. At all other times typing singular keys was quicker as the mouse pointer could remain on target.

  3. John Smith 19 Gold badge
    FAIL

    Fabulous. Some of those are Windows bugs, others are in remote admin tools that don't need ID

    A remote admin tool that does not ask for a password by default.

    Very impressive. :-(

    I can sort of get why Siemens would not release updates unless they were internally checked for compatibility with their embedded apps but this should be an existing, ongoing process in Siemens for Windows updates, IE more or less automated.

    1. fidodogbreath Silver badge

      Re: Fabulous. Some of those are Windows bugs, others are in remote admin tools that don't need ID

      A remote admin tool that does not ask for a password by default.

      Not defending bad security, but you can see how that might happen. Machines like this are operated by medical staff, not IT. And this is just one machine out of dozens of computerized scanners, monitors, and other devices that they have to use every day.

      You can't have 20-random-character passwords that are changed every 90 days on machines that have to be deployed quickly in emergency situations. If it had a password, it would probably be something like "1234" or "doctor" anyway, and it'd be written on a post-it note on the side of the machine...

      1. Doctor Syntax Silver badge

        Re: Fabulous. Some of those are Windows bugs, others are in remote admin tools that don't need ID

        "it'd be written on a post-it note on the side of the machine."

        A password written on a post-it note adjacent to the legitimate operators is vastly less of a risk than a passwordless remote admin tool.

      2. BrownishMonstr

        Re: Fabulous. Some of those are Windows bugs, others are in remote admin tools that don't need ID

        Could some sort of PKI Card reader not be implemented, so doctors would only have to remember their own PIN.

        1. Anonymous Coward

          Re: Fabulous. Some of those are Windows bugs, others are in remote admin tools that don't need ID

          Could some sort of PKI Card reader not be implemented, so doctors would only have to remember their own PIN.

          Probably, but you'd need to link to some broader ident PIN. Giving them something else to remember isn't a good idea.

          Rather OT, but I had to have a scan in a Siemens machine a year back. And it struck me that the patient experience lacked the "wow" factor. The rotating scan head is just about visible through a deeply coloured perspex window, but with a bigger, lighter grey window, some multi-coloured flashing LEDs with patterned timing they could create a really super display. And the machine was commendably quiet, but if they'd use a noisier gearbox it'd produce a super "wooowooooo.waooooooo.waoooooooooooooo" noise with a rising pitch as the head is accelerated. Add some strobing high intensity lights and a Star Trek transporter noise as the head reaches full speed, and the people being scanned would think what a super duper, high tech experience they've had.

          Come on Siemens, what are you playing at?

          1. Adam JC

            Re: Fabulous. Some of those are Windows bugs, others are in remote admin tools that don't need ID

            I had a CT scan when my bowel perforated at Christmas, my first one in fact. I like to think I'm okay with most medical procedures but the noise those things make and the fact you're so close to it is actually quite unnerving and uncomfortable. (This is coming from someone who's had most medical diagnostic procedures in various orifices that things really ought not to be inserted!)

          2. Anonymous Coward

            Re: sounds like

            I know an MRI (formerly NMR) scanner isn't a CAT scanner or PET scanner, but here are some noises associated with MRI scanners, perhaps you'd like to pick your favourite sections?

            https://www.youtube.com/watch?v=DOjALmwaJ1Q

            Other applicable noises may well be available.

            1. Tom 7 Silver badge

              Re: sounds like

              Had an MRI scan recently - the only noise seemed to be the glop glop glop of a pump.

  4. Dave Harvey
    Facepalm

    Unplugging these scanners would be like putting your phone into Aeroplane mode

    Sure - it can still be turned on, and take pictures, but that's not how you expect to use your phone, and not how radiology departments work.....the patient information is normally downloaded from the radiology information system (RIS) and incorporated into the images which are sent to the Picture Archiving Communication and Storage system (PACS) to enable use around the hospital, comparison with previous scans etc. All this uses the DICOM protocol, which whilst far from secure is sufficiently obscure that most hackers haven't bothered (yet!), and there is no need (probably) for complete unplugging. On the other hand, why anyone would want to introduce easily exploitable weaknesses by adding an unnecessary web server etc. to such primary imaging systems is beyond me......those ports need to be blocked (on all machines, not just the ones we know about) now and forever.....

    1. Anonymous Coward

      "adding an unnecessary web server"

      Because nowadays everything needs to be web based - including things that have no reason to be.

      Soon, anyway, it will be impossible to find developers able to write native applications...

  5. fidodogbreath Silver badge

    *Almost* no one

    no one wants an X-ray scanner to go nuts at the hand of a hacker while a patient is in it.

    Well, except for the hacker.

    The rest of us would prefer that the scanners don't "go nuts" at all, regardless of their occupancy status. The machine could be damaged, and someone who needs a scan in a life-threatening situation might not be able to get it.

    So thanks, Siemens, for making these gazillion-dollar machines easily pwnable by script kiddies. Awesome job.

  6. Anonymous Coward

    Re. 7

    Irony: these were upgraded from XP to 7 precisely because XP has more vulnerabilities than a naked hooker.

  7. Martin
    FAIL

    But why are they on the Internet anyway?

    It never ceases to amaze me why these vitally important items which CANNOT be allowed to be damaged are even connected to the outside world directly.

    If they need external data, then download that external data into an internal server (via a firewall), and connect the scanners to the internal server. The internal server could be supplied by the scanner company; it could be a simple single-use box.

    It's not completely foolproof, but it's much safer than just connecting to the outside world.

    1. Nattrash
      Headmaster

      Re: But why are they on the Internet anyway?

      "But why are they on the Internet anyway?"

      Well, because these machines have to be used. I appreciate that you think that these machines just need to be net connected for "external data" (aka random stuff? updates?). But you then completely forget what they actually do: they scan patients to aid diagnosis. As Dave Harvey described here very well, we sped up things (among other things, not talking about e.g. 3D tomography) by not having to "develop films and carrying them around" like I remember from my early days (~ 25 years ago). We also made it more powerful, comprehensive, and (NHS budget anyone?) economical, even by just developing PACS/ RIS that makes all those records easier to store and document. So yes, radiologists have immediate access and can work more fluently, more efficiently, which helps patients better and quicker. On the back of this, this has also made other developments like telemedicine possible (whether you agree or not), where radiologists all over the world (yes, India, but also that expert in US, CH or NZ) can easily and quickly diagnose images of patients in the UK. In short, stop seeing scanners like this like a stand alone box, and see it as an interconnected component of a work flow.

      And @FlamingDeath:

      At the risk of sounding pedantic, but isotopes used for diagnosis or treatment don't emit gamma radiation exclusively, but some also emit alpha, beta, or positrons. And although I also have my gripe with the industry I work with/ in, I really struggle to see how you come to label them sociopaths. Sounds like you don't have complete insight into "how things work". As Credas said, hope for you you don't "get your cake and have to eat it too".

      1. Doctor Syntax Silver badge

        Re: But why are they on the Internet anyway?

        @Nattrash

        Dave Harvey also made the point that they use a specific protocol, DICOM. A moment's googling takes me to the Wikipedia article which in turn tells me that DICOM uses specific ports. If the system has to be exposed to the wider internet (as opposed to a network whose access is limited to legitimate users) then only those ports should be open.

        1. Nattrash

          Re: But why are they on the Internet anyway?

          @DrSyntax

          Perhaps it's better to call DICOM a standard and a guideline? But yes, you're absolutely right, although I must admit I'm very rusty on the communication side (hell, I'm just rusty I suppose ☺). Having found the wiki, you probably also found that DICOM is produced and maintained by NEMA, which basically is a coop of the medical imaging manufacturers. This was a sensible and much needed solution in the early days, when stuff was manufacturer specific, locked and non interchangeable.

          Having moved on to other medical devices, I'm afraid I can't tell you what DICOM standards are nowadays. Their "resource page" is still there (http://dicom.nema.org/standard.html - Jeez, people, do a bloody face lift! I'm also not using Mosaic anymore!).

          If my memory serves me well, you'll find info of your interest most likely in part 8 and part 15.

        2. Dave Harvey

          Re: But why are they on the Internet anyway?

          In fact, the biggest risk isn't the "internet" - that's pretty much fire-walled to death in most hospitals - it's the internal "trusted" network which is the problem - everything from administrative PCs to network points for patient kiosks in public areas and doctors' PCs which need to be able to access the imaging systems in examination rooms - any of these are at significant risk of being pwned or abused, which is why the devices need their own defences to be as good, with the smallest attack surface as possible.

          1. Doctor Syntax Silver badge

            Re: But why are they on the Internet anyway?

            "the devices need their own defences to be as good, with the smallest attack surface as possible."

            That brings us back to the original article and the point that in this case they don't have the smallest attack surface possible.

            I have to take SWMBO to an outpatient eye clinic from time to time. As it involves sitting around for a good while I sometimes take a small laptop to do some work - ooh, look, three open SSIDs! No I didn't try connecting.

            1. Nattrash
              Devil

              Re: But why are they on the Internet anyway?

              @DrSyntax

              OK, now, I'm confused. SWMBO makes you sound like you see things in the right perspective, but that talk about open SSIDs labels you as a naughty one...

      2. ibmalone Silver badge

        Re: But why are they on the Internet anyway?

        They are also often on heavily locked down networks. This can be a pain if you are (for example) attempting to conduct a multi-centre study and need to have people send MRI to you for analysis, outside their normal connection to the hospital PACS. There are ways to set that up safely over a network, but we work with some people who have to transfer every scan onto CD and upload from a separate computer because they can't get local agreement for it. (We've also come close to being told that sites are simply not able to have a computer that can connect outside the network and would like to send the CDs to us.)

      3. Martin
        Happy

        @Nattrash - Re: But why are they on the Internet anyway?

        OK, fair enough. Thanks for the explanation.

        And may I also thank you for putting me straight politely? I'm not used to that on the internet :)

  8. Lars Silver badge
    Happy

    Most scans are done without any injections at all, brain scans are the exceptions. As I have said before, Windows is the largest IT catastrophe to date.

    1. ibmalone Silver badge

      PET is an entirely tracer-based technique, it always requires an injection. You could use a PET-CT machine for only CT, but likely you would just use a much cheaper CT only machine. There are injectable CT contrast agents, which can include for angiography in stroke, but they don't have to be used in head imaging, and can be used outside the head too.

  9. Yet Another Anonymous coward Silver badge

    It's not the scanner's fault

    A drug cart in an emergency room has a lock, it's a weedy little lock sufficient to stop some passer by helping themselves. It isn't proof against a prolonged attack by a group of bank robbers. If you wanted to make the drug cart proof against a directed attack by a state level attacker it would be just a little bit more expensive and inconvenient to use.

    But it doesn't need to be because it is installed in an area where access is relatively controlled and people are watching it.

    The same with the scanner, it should be protected by the hospital's network security. If they want to put it on a public facing net then they are going to have to pay for a military grade secured system and have to deal with the inconvenience of the necessary access controls.

    They are also going to have to pay for the weeks/months of testing necessary every time Windows releases an update and the downtime while the scanner is disconnected until the patch has been tested.

    1. tfewster Silver badge
      Facepalm

      Re: It's not the scanner's fault

      > "They are also going to have to pay for the weeks/months of testing necessary every time Windows releases an update..."

      That's fair. Say Siemens spend £1M a year on that testing (10-20 FTEs). Divide it amongst their customers (Say 1000), and add it to the maintenance costs of the scanner. £1000 p.a. each isn't going to make a blip on the costs of running a scanner.

      (Part 2 of the plan is to make security a selling point and block competitors from winning sales on those grounds. Win-win)

  10. John Brown (no body) Silver badge
    Joke

    Seimans...always coming late...

    ...to the Patch Party.

    Sorry. My inner 12 year old escaped for a moment.

  11. Anonymous Coward

    Lol. Windows.

  12. Anonymous Coward

    Welcome to your scanner. Proudly unpatched & presented by Siemens Rushdie.

  13. Doctor Syntax Silver badge

    Headline

    I keep reading it as saying that they can be pwned by two year old boys and wondering just how young they're starting these days.

  14. John Smith 19 Gold badge
    Coat

    So perhaps configure all the medical staff only as a sub net?

    Probably a very old fashioned idea but y'know, partitioning?

  15. BongoJoe

    Perhaps, or perhaps not.

    Which is good, because no one wants an X-ray scanner to go nuts at the hand of a hacker while a patient is in it.

    Given the useless and utterly inaccurate diagnosis endured from the last consultant, perhaps the hacker may have more chance of giving a better one. The cat certainly does a far better job than the overpaid twonk.

  16. Anonymous Coward

    Hidden Agenda

    Strange they single out Siemens. As if GE didn't have the same/similar vulnerabilities on their Win7 systems. Siemens=European, GE=American, ICS=American... I suppose at least GE had the good sense to run their acquisition front ends on Linux..

    Just sayin

  17. Stevie Silver badge

    Bah!

    I got CAT scanned and now I have a radio in my head controlled by Fidel Castro.

    Thanks a lot, haxxors.

  18. PeterM42
    FAIL

    Only to be expected...

    .....if you ever had a Siemens computer, your expectations will be EXTREMELY LOW.


Biting the hand that feeds IT © 1998–2019