ADVISORY / GENERAL GUIDANCE

 

Philips is aware of the current ransomware campaign known as WannaCry (also known as Ransom-WannaCry, WCry, WanaCrypt, and WanaCrypt0r) which has attacked a large number of organizations and over 300,000 victims around the world in approximately 150 countries.  The malware encrypts (locks) computers and demands a payment in Bitcoins, according to information shared online by affected institutions.  According to Microsoft, ransomware attacks have been observed to use common email phishing tactics with malicious attachments to infect devices.  Once launched, the malware can further spread to adjacent systems on a network by exploiting a Windows vulnerability (in SMBv1).  Further information on this Windows vulnerability can be found on the Microsoft website at Microsoft (MS) Customer Guidance for WannaCry Attacks.

 

The vulnerability to this ransomware was identified and a patch was released by Microsoft on March 14, 2017 (MS17-010) for Microsoft supported versions of Windows (including WinVista, WinServer 2008, Win7, WinServer 2008 R2, Win 8.1, WinServer 2012, Win10, WinServer 2012 R2, and WinServer 2016).  In further response specific to this ransomware outbreak, Microsoft also has taken extra steps to release updates for versions of Windows not under Microsoft mainstream support (including WinXP, Win8, and WinServer 2003).

 

Consistent with Philips Product Security Policy, our global network of product security officers and technical support teams are closely monitoring the situation and continue to take appropriate preventative measures.  Philips will continue to work with our customer base to address this malware event and drive any product-specific or customer installation-specific preventative measures such as installation of the latest Microsoft Security Patches, Windows vulnerability containment steps, or other Philips-approved countermeasures as required on Philips products.

 

INTENDED USE ADVISORY

 

Philips would like to advise our customers that neither use of an email client nor browsing the Internet is part of the intended use of any Philips product covered by this advisory.  Philips products that are not listening on SMB ports (137, 138, 139, 445) or RDP port (3389) are not exposed to this Windows vulnerability provided the product is deployed within Philips product specifications and used in accordance with intended use of the product. 

AFFECTED PRODUCTS

 

Select Philips products may be affected by the Microsoft vulnerability being exploited by the WannaCry ransomware.  The potential for exploitability of any such vulnerability depends on the specific configuration and deployment environment of each product as well as adherence to the intended use of the product.

 

Preventative measures on Philips products currently affected by this MS Windows vulnerability (listed in the table below) should be implemented in accordance with Philips authorized steps or countermeasures defined and approved by Philips.  

 

Customers entitled by service-contract to use the Philips InCenter Customer Portal are encouraged to request and attain InCenter access and reference product-specific information posted on Philips InCenter.

 

Philips highly recommends all customers with and without service contracts contact their local service support team or regional product service support to discuss any needed guidance, services, or questions regarding their specific product installations. Customers who require further general information on Philips Product Security may contact Philips Product Security at productsecurity@philips.com.

                                         Philips Products

ServicesReference


IS PACS (IntelliSpace Picture Archiving and Communication System):

  • All Philips IS PACS customers are deployed on Philips managed services.  Philips has engaged all IS PACS customers in scheduling full remediation of any potential exposures to the Windows vulnerability exploited by WannaCry.

PhilipsManagedServices



ISP IX (IntelliSpace Portal Workstation IX):

Version: 6.0.2

ICAP0034

PIIC iX (IntelliVue Information Center):

  Version:  PIIC iX A/B and PIIC Classic N.01

  Version:  PIIC Classic – L, M and N.0 (Out-of-Service, End-of-Support)

 

SB86202583A

 

SB86201939A

IEM (IntelliSpace Event Management):

SB86202577A

Philips highly recommends all customers with and without service contracts contact their local service support team or regional product service support to discuss any needed guidance, services, or questions regarding their specific product installations.  Supporting documentation is posted on the Philips InCenter Customer Portal.  Customers who require further general information on Philips Product Security may contact Philips Product Security at productsecurity@philips.com.

 

Note:
For customers who utilize the Remote Services Network (RSN, PRS), all Philips RSN systems are fully protected against this vulnerability and customers are advised not to disconnect the PRS as it may impact Philips service teams from providing any required immediate and proactive support such as remote patching.

 

GENERAL GUIDANCE

 

The items below are offered as general guidance, are for general consideration only, and must be reviewed in alignment with any posted Philips Service Bulletin with Philips service support to ensure all defined testing and verification processes are followed within product specification and regulatory requirements.  

Work with Philips services support to identify and review:

  1. Philips products that have been patched to protect against the vulnerability being exploited by the WannaCry ransomware.
  2. Philips products that may still be vulnerable to impact from the WannaCry ransomware.
  3. For Philips products that are potentially vulnerable to the WannaCry ransomware, consider the following options or combination of options (where applicable and in accordance with authorized Philips service):

-Consider blocking SMB and RDP ports per Microsoft guidance.

-Consider disabling SMBv1 on our devices if unable to patch the systems.

-Arrange for Philips service teams to apply any available Philips-approved patches or updates to your system per standard procedures.

-Consider implementing anti-virus access protection rules (Example:  Per McAfee Guidancehttps://kc.mcafee.com/corporate/index?page=content&id=KB89335&elqTrackId=080d6d6426f34a2fb9b7fae0ca16d59a&elq=ab2a4141be0344bb8dfd6f18c91a9f26&elqaid=7257&elqat=1&elqCampaignId=4054).


Other General Points for Customer Awareness:

  1. Re-imaging an infected machine will likely overwrite/destroy information on that device.
  2. Making payment to ransomware is not a Philips recommendation.  However, if payment is made to decrypt the system, then

-Data, if and when available, should be backed up to a safe location with appropriate restoration procedures.

-Reinstall the system applications with at least one of the recommended actions to prevent re-infection to the device.

-Network segmentation will help prevent harm to the device as long as the SMB and RDP are not utilized and blocked.


References Resources:

  1. Microsoft (MS) Customer Guidance for WannaCry Attacks
    https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
  2. US-CERT:  Indicators Associated With WannaCry Ransomware
    https://www.us-cert.gov/ncas/alerts/TA17-132A)
  3. ENISA – Europian Union Agency for Network and Information Security:  WannaCry Ransomware Outburst
    https://www.enisa.europa.eu/publications/info-notes/wannacry-ransomware-outburst


Philips is committed to ensuring robust product security resources and support for our healthcare customers, and their patients who rely on them. We continue to engage with the medical device industry, security research community, and government agencies to monitor the situation, respond accordingly, and meet ongoing healthcare cybersecurity challenges.