MAUDE Adverse Event Report: SIEMENS MEDICAL SOLUTIONS USA, INC. SIEMENS SYNGO® SC2000 WORKPLACE; MEDICAL WORKSTATION

Model Number SYNGO® SC2000 WORKPLACE

Device Problems Computer Software Problem (1112); Computer System Security Problem (2899)

Patient Problem Not Applicable (3189)

Event Date 05/23/2017

Event Type  malfunction  

Manufacturer Narrative

No ultrasound systems have been reported to be infected with the wannacry virus.However, there is the potential for the virus to affect these products and halt system functionality.The resulting harm to the patient would be a possible delay in a procedure for a sedated patient, a reinsertion of a transesophageal transducer or catheter, or repeat of a stress echo exam.A hot fix will be issued to patch vulnerable systems.These hot fixes will follow the december 2016 postmarket management of cybersecurity in medical devices from the fda guidance for 806 reportability.The technical root cause of the problem is the wannacry ransomware software virus and its ability to lockup the system.The virus spreads by first infecting a single system on a network.The initial infection occurs when someone opens an attachment or link which runs the virus software.The virus can then spreads by exploiting vulnerability in the microsoft server message block (smb) functionality (used to share files and printers on the network).The exploit of the vulnerability allows full remote control of the device without any other prerequisite other than the fact that the attacking computer is on the same network as the ultrasound device, and that the ultrasound device is listening to certain tcp ports (139, 445, or 3389).Remote control of the device by an attacker can put patient's safety at risk in terms of misdiagnosis or denial of service when patients are being diagnosed.Those devices that are not capable of listening in on the exploited ports still have the vulnerability inside, however it is not possible for the attacker to "get to" or exploit such devices.

Event Description

The "wannacry" virus is a reportable event based on the potential for death or serious injury to occur.

Manufacturer Narrative

Investigation: the complaint was investigated for "wannacry" virus vulnerability on sc2000.The issue was to address a potential vulnerability of the sc2000 system to a ransomware virus: the wannacry virus.This ransomware software encrypts the data on the hard drive and then puts up a screen demanding money to decrypt the files.The issue was addressed with software patch releases in june 2017.Complaint reference #: (b)(4).

• Brand Name: SIEMENS SYNGO® SC2000 WORKPLACE
• Type of Device: MEDICAL WORKSTATION
• Manufacturer (Section D): SIEMENS MEDICAL SOLUTIONS USA, INC.; 685 east middlefield road; mountain view CA 94043 4050
• Manufacturer Contact: scott christiansen ; 685 east middlefield road; mountain view, CA 94043-4050 ; 4255571625
• MDR Report Key: 6615296
• MDR Text Key: 76775160
• Report Number: 3009498591-2017-00227
• Device Sequence Number: 1
• Product Code: ITX
• Combination Product (y/n): N
• PMA/PMN Number: K170315
• Number of Events Reported: 1
• Summary Report (Y/N): N
• Report Source: Manufacturer
• Source Type: company representative
• Remedial Action: Modification/Adjustment
• Type of Report: Initial,Followup
• Report Date: 12/11/2017

1 Device was Involved in the Event

1 Patient was Involved in the Event

• Date FDA Received: 06/06/2017
• Is this an Adverse Event Report?: Yes
• Is this a Product Problem Report?: No
• Device Operator: Health Professional
• Device Model Number: SYNGO® SC2000 WORKPLACE
• Device Catalogue Number: 10433921
• Device Lot Number: N/A
• Was Device Available for Evaluation?: Yes
• Was the Report Sent to FDA?: No
• Date Manufacturer Received: 11/15/2017
• Was Device Evaluated by Manufacturer?: Yes
• Is the Device Single Use?: No
• Is This a Reprocessed and Reused Single-Use Device?: No
• Type of Device Usage: Reuse
• Patient Sequence Number: 1
• Patient Outcome(s): Other