If your hospital or clinic uses a Windows 7-based version of a Siemens PET/CT or SPECT system, it could be vulnerable to attack by a relatively low-skill hacker, according to a July 26, 2017, security advisory from the company.

The Industrial Control System Cyber Emergency Response Team (ICS-CERT), a division of the U.S. Department of Homeland Security, also released an advisory on the vulnerabilities, each of which were scored at a “critical” level of 9.8 out of 10 on the Common Vulnerabilities Scoring System (CVSS). And recently, the FDA recalled 465,000 pacemakers after finding vulnerabilities that could let hackers reprogram the devices.

Both advisories note that the exploitability of these vulnerabilities depends on an organization’s configuration and deployment environment. In a network that lacks proper segmentation or other access controls, a successful hack of a medical device could open a portal into the larger network.

 …