Ryuk Malware cybersecurity information


Ryuk Malware Threat Assessment and Potential Product Impact Statement
| Publication Version | Publication Notes/Changes | Publish Date |
|---|---|---|
| 1.0 | Initial publication | October 30, 2020 |

Spacelabs Healthcare has been made aware of a malware (sometimes called “ransomware”) campaign attributed to the Ryuk group impacting healthcare and public sector organizations. The Ryuk group and their malware campaigns have been known in the industry for several years and have a history of success in exploiting and impacting businesses and IT operations. Spacelabs has conducted an assessment to identify the potential impact of this attack on our products, including whether a product can be maliciously encrypted or used as a vector to spread the malware.

Current threat analyses of the Ryuk group’s latest campaign find that the malware primarily targets devices running Windows operating systems. Initial reported compromises have been attributed to successful email phishing campaigns, followed by exploitation of several common Windows services such as Remote Desktop Protocol (RDP) and network file shares to propagate the malware. A joint cybersecurity advisory has been published by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) regarding the current Ryuk malware campaign:

https://us-cert.cisa.gov/sites/default/files/publications/AA20-302A_Ransomware%20_Activity_Targeting_the_Healthcare_and_Public_Health_Sector.pdf

Spacelabs recommends the following defenses and mitigations be applied to an enterprise environment.

  • Train employees on social engineering and phishing techniques. Have a policy or process in place to report suspicious emails to the appropriate event and incident responders.
  • Apply applicable patches, hotfixes, and updates to servers and products when available and after they have been validated.
  • Implement defense-in-depth within the enterprise environment consisting of tools such as Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, and network access control (NAC).
  • Implement and maintain an anti-malware solution (also called “anti-virus”) and an endpoint detection and response (EDR) solution.
  • Disable remote access services and protocols such as Remote Desktop Protocol (RDP) unless needed. Monitor and restrict remote access usage on a least privilege basis.
  • Have backup and restore processes and procedures in place for disaster recovery and incident response.
  • Monitor and maintain account provisioning and access control based on the principle of least privilege.
  • Block suspicious external IP addresses at the enterprise firewalls. Monitor traffic internally for unusual behavior.
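One way to act on the last mitigation (monitoring internal traffic for unusual behavior), given the RDP and file-share propagation described above: this added example, which is not Spacelabs code, flags an internal host that contacts many distinct peers on RDP (3389) or SMB (445) within a short window. The flow records, column names, threshold, window and allow-list are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = """\
ts,src,dst,dport
2020-10-30T02:00:05,10.20.1.15,10.20.1.40,445
2020-10-30T02:00:19,10.20.1.15,10.20.1.41,445
2020-10-30T02:00:42,10.20.1.15,10.20.1.42,445
2020-10-30T02:01:10,10.20.1.15,10.20.1.43,445
2020-10-30T02:01:30,10.20.1.15,10.20.1.44,445
2020-10-30T02:02:00,10.20.1.15,10.20.1.40,3389
2020-10-30T08:00:00,10.20.1.22,10.20.1.40,445
2020-10-30T08:20:00,10.20.1.22,10.20.1.41,445
2020-10-30T08:40:00,10.20.1.22,10.20.1.42,445
2020-10-30T09:00:00,10.20.1.22,10.20.1.43,445
2020-10-30T09:05:00,10.20.9.5,10.20.1.40,3389
2020-10-30T09:05:20,10.20.9.5,10.20.1.41,3389
2020-10-30T09:05:40,10.20.9.5,10.20.1.42,3389
2020-10-30T09:06:00,10.20.9.5,10.20.1.43,3389
2020-10-30T09:06:30,10.20.1.30,10.20.1.40,443
"""

WATCHED_PORTS = {3389: "RDP", 445: "SMB"}

def fan_out_alerts(flow_csv, window_s=300, threshold=4, allowed=frozenset()):
    """Return (src, service, peak) for each source that reached at least
    `threshold` distinct hosts on a watched port inside any `window_s` span.
    `allowed` holds sources expected to fan out (for example a jump host)."""
    events = defaultdict(list)  # (src, port) -> [(time, dst), ...]
    for row in csv.DictReader(io.StringIO(flow_csv)):
        port = int(row["dport"])
        if port in WATCHED_PORTS and row["src"] not in allowed:
            when = datetime.fromisoformat(row["ts"])
            events[(row["src"], port)].append((when, row["dst"]))
    alerts = []
    for (src, port), seen in sorted(events.items()):
        seen.sort()
        peak = 0
        for i, (start, _) in enumerate(seen):
            end = start + timedelta(seconds=window_s)
            # Distinct destinations contacted in the window opening at `start`.
            peak = max(peak, len({dst for t, dst in seen[i:] if t <= end}))
        if peak >= threshold:
            alerts.append((src, WATCHED_PORTS[port], peak))
    return alerts
```

The slow sweep from 10.20.1.22 stays under the threshold with the default five-minute window, so a longer window or a per-day distinct-peer count is needed to catch low-and-slow propagation.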

In response to the latest Ryuk campaign, Spacelabs has conducted an assessment to identify devices potentially at risk from this ransomware campaign. Please note that this information is subject to change as the situation evolves.

Patient Monitoring and Connectivity Products

| Product | Host Operating System | Impact Assessment |
|---|---|---|
| XprezzNet 96190 | Windows Server 2012 R2, Windows Server 2016 | XprezzNet software is not directly impacted by this campaign. However, XprezzNet is hosted in the customer’s environment. It is the customer’s responsibility to manage the security of the host environment. Windows patch qualifications are available on our customer web portal. |
| Intesys Clinical Suite (ICS) | Windows Server 2012 R2, Windows Server 2016 | ICS software is not directly impacted by this campaign. ICS products are hosted in the customer’s environment. It is the customer’s responsibility to manage the security of the host environment. Windows patch qualifications are available on our customer web portal. |
| Xhibit Telemetry Receiver (XTR) 96280 | Windows Embedded Standard 7 SP1 | Version 1.2.1 – No risk due to system architecture and hardening. It is recommended to have the XTR devices on their own isolated network or as part of a controlled monitoring network, separate from an enterprise network. |
| Xhibit 96102 / XC4 96501 | Windows Embedded Standard 7 SP1 | Version V1.3.5 – No risk due to system architecture and hardening. It is recommended to have the Xhibit/XC4 devices on a controlled monitoring network, separate from an enterprise network. |
| Bedside Monitors: Xprezzon 91393, Qube 91390, Ultraview SL | VxWorks 6.6 | Not at risk due to system architecture. |
Diagnostic Cardiology Products

| Product | Host Operating System | Impact Assessment |
|---|---|---|
| Sentinel | Windows 7 & 10, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 | Sentinel is not directly impacted by this campaign. However, Sentinel is hosted in the customer’s environment. It is the customer’s responsibility to manage the security of the host environment. Windows patch qualifications are available on our customer web portal. |
| Pathfinder SL | Windows 7, Windows 10 | Pathfinder SL is not directly impacted by this campaign. However, Pathfinder SL is hosted in the customer’s environment. It is the customer’s responsibility to manage the security of the host environment. Windows patch qualifications are available on our customer web portal. |
| Lifecard CF | No OS | Not at risk due to system architecture. |
| EVO | No OS | Not at risk due to system architecture. |
| CardioExpress SL6A / SL12A / CardioExpress SL18A | Embedded OS | Not at risk due to system architecture. |
| ABP: OnTrak, 90217A, 90207 | No OS | Not at risk due to system architecture. |

Additional Resources
  • Spacelabs Cybersecurity Information
    https://www.spacelabshealthcare.com/products/security/
  • Spacelabs Security Advisories
    https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/
  • Spacelabs Patch Qualification Customer Portal
    https://www.spacelabshealthcare.com/products/security/patch-test-reports-access-form/?redirect_to=%2Fproducts%2Fsecurity%2Fpatch-test-reports%2F
  • Microsoft Blog on Trickbot Botnet (used to distribute the Ryuk malware)
    https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/
  • Further details about the Ryuk group
    https://www.hhs.gov/sites/default/files/ryuk-update.pdf
  • Technical breakdown of the latest threat intel
    https://news.sophos.com/en-us/2020/10/14/inside-a-new-ryuk-ransomware-attack/
© 2021 All Rights Reserved
Spacelabs Healthcare is a wholly owned subsidiary of OSI Systems, Inc.
