GE Healthcare is aware of the recent reports of a widespread ransomware event, known as "Petya," that is affecting entities globally in a diverse range of industries. Based on the information currently available, it appears that a common distribution method of the Petya ransomware is spear phishing with a malicious document (e.g., delivered by e-mail). Similar to the recent WannaCry event, once the ransomware has made it onto a system, Petya encrypts the hard drive and demands a Bitcoin ransom to unlock it.
At this time, there is no expected impact to GE Healthcare software or devices that have been remediated through patching to address the MS17-010 SMBv1 (WannaCry) vulnerability. However, software or devices that have not yet been patched to address MS17-010 SMBv1 remain vulnerable to the Petya ransomware. GE Healthcare recommends that you apply the necessary patches as soon as possible. For more information regarding specific devices or products in your installed base, please contact your GE Service Representative or GE Service Call Center.
GE Healthcare will continue to monitor the situation and will provide any necessary updates.
30 June 2017
GE Healthcare Guidance on WannaCry Ransomware
Overview and background
GE Healthcare is closely monitoring and taking action to address an ongoing ransomware campaign known as WannaCry, WCry, or Wanna Decryptor, targeting Windows-based systems globally. The WannaCry “ransomware” (a form of malware) propagates either through phishing campaigns or through the Microsoft vulnerability MS17-010 SMBv1. Once WannaCry enters a device, it encrypts the data on the device and demands a bitcoin ransom in exchange for releasing the data and unlocking the device.
GE Healthcare initial response
GE Healthcare has activated a cross-functional engineering, cybersecurity, services and technology team to undertake a full review of all products. Our teams around the world are continuously monitoring the situation to ensure customers and their services teams have access to the most up-to-date information available in a highly dynamic situation.
Microsoft has issued a patch for all currently supported versions of Microsoft Windows, including Windows Vista, Windows 7, Windows 8.1, and Windows Server 2008 through 2016. Additionally, since the attack, Microsoft has issued patches for Windows XP, Windows 8, and Windows Server 2003. Additional information regarding Microsoft’s support of this security incident can be found HERE.
What to expect?
GE Healthcare is committed to supporting our customers to maintain their systems and products in a cyber-secure manner. If customers have been affected by the ransomware, or if they have concerns about a particular product, they are encouraged to contact their GE Service representative or their GE Service Call Center. Although each customer has unique circumstances, as a general matter, for any device running a Microsoft Windows version for which Microsoft has issued a patch (see above), support is likely to consist of the installation of a Microsoft-approved patch, installed either by the customer or by our services team.
We are creating practical guidance for the installation process and distributing this guidance through GE Healthcare Service and Call Center teams for use in responding to customer questions.
GE Healthcare is providing Services representatives with ongoing updates from Microsoft and industry bodies to ensure customers receive the most current information. We are committed to partnering with our customers and other stakeholders to implement robust product security measures to protect the integrity of patient care around the world.