The Medical Imaging & Technology Alliance Offers Guidance on Mitigating

FDA-Announced URGENT11 Vulnerabilities in Medical Imaging Devices

Rosslyn, VA, October 01, 2019 --(PR.com)-- In response to the Food and Drug Administration's (FDA)
recent announcement about revelations of a suite of vulnerabilities known as “URGENT/11,” the Medical
Imaging & Technology Alliance (MITA) today released a list of general recommendations for health
delivery organizations (HDOs) to consider. Recognizing that the security of medical imaging is a shared
responsibility, MITA is communicating this information to assist HDOs that may be concerned about the
impact of the vulnerabilities on their systems.

The “URGENT/11” vulnerabilities reside in the TCP/IP stack (IPnet), a component of several Real-Time
Operating Systems (RTOS), most notably in certain versions of VxWorks. The vulnerabilities are
identified by the following CVE numbers:

CVE-2019-12255
CVE-2019-12256
CVE-2019-12257
CVE-2019-12258
CVE-2019-12259
CVE-2019-12260
CVE-2019-12261
CVE-2019-12262
CVE-2019-12263
CVE-2019-12264
CVE-2019-12265

MITA Recommendations for Healthcare Delivery Organizations

Contact your device manufacturer to obtain information about whether your device is impacted.

Ensure you follow the manufacturer's process for making any changes and follow the appropriate backup
and system restoration procedures.

Apply provided security updates to impacted devices as soon as they become available.

Ensure your networks are protected with appropriate mechanisms (e.g., firewalls, network segmentation,
virtual private networks) and follow any recommended security guidelines provided by the manufacturer.

Additional Information

Vendor-specific security information is also available from many medical imaging manufacturers. Visit
www.medicalimaging.org/urgent-11 to view the most up-to-date list of vendor-specific links. The list will
continue to be updated as more information becomes available.

Page 1/3
PR.com Press Release Distribution Terms of Use
Baxter (https://www.baxter.com/product-security)

Canon Medical Systems USA (https://us.medical.canon/download/VXWorks)

Carestream (https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy)

Dräger (
https://static.draeger.com/security/download/2019-07-29-WindRiver-VxWorks-Security-Advisory.pdf)

GE Healthcare (https://www.gehealthcare.com/security)

Philips (https://www.usa.philips.com/healthcare/about/customer-support/product-security)

Siemens Healthineers (https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity

)

FUJIFILM Sonosite (https://www.sonosite.com/support/cybersecurity-alert-urgent-11)

The Medical Imaging & Technology Alliance (MITA), a division of NEMA, is the collective voice of
medical imaging equipment manufacturers, innovators, and product developers. It represents companies
whose sales comprise more than 90 percent of the global market for advanced medical imaging
technology. For more information, visit www.medicalimaging.org. Follow MITA on Twitter
@MITAToday.-----

Page 2/3
PR.com Press Release Distribution Terms of Use
Contact Information:
Medical Imaging and Technology Alliance
Tracy Cullen
703-841-3282
Contact via Email
https://www.medicalimaging.org/

Online Version of Press Release:

You can read the online version of this press release at: https://www.pr.com/press-release/796059

News Image:

Page 3/3
PR.com Press Release Distribution Terms of Use