Cybersecurity Announcements
Medical Device Security Updates
In an effort to maintain product security and customer satisfaction, Mindray evaluates known cybersecurity threats. These efforts include identifying to what extent known threats can impact patient care as well as the efficacy of released patches pertaining to any particular Mindray embedded operating system version.
Microsoft Windows Server 2012 End of Support
On October 10, 2023 Microsoft will end support of Windows Server 2012 and Windows Server 2012 R2.
After this date Microsoft will no longer offer support or provide security updates. As a result Mindray will no longer be able to provide operating system level support or security patches, Mindray will continue to be able to provide product level support for products impacted.
Learn more>>
Microsoft Windows 7 End of Support
On January 10, 2023 Microsoft ended support of Windows 7. After this date, Microsoft will no longer offer support or provide security updates. As a result, Mindray will no longer be able to provide operating system level support or security patches for Windows 7 products. Mindray will continue to provide product level support for products impacted.
Learn more>>
TLStorm 2.0
On May 3, 2022, Armis Research published a report called TLStorm 2.0. Armis has discovered five vulnerabilities in the implementation of TLS communications in multiple models of Aruba and Avaya switches. Both vendors have been found to have switches vulnerable to remote code execution (RCE) vulnerabilities that can be exploited over the network.
Log4j2
On December 9, 2021 a high severity vulnerability (CVE-2021-44228) referred to as Log4j2 was published on GitHub which impacts Apache Log4J and the affected version ranges from 2.0 to 2.14.1. The exploitation of vulnerabilities can cause unauthenticated remote code execution.
Nucleus:13
On November 9, 2021, Forescout Research published a report called NUCLEUS:13. The report details research they conducted into the Nucleus NET, the TCP/IP stack of the Siemens owned Nucleus real-time operating system (RTOS), where they found 13 new vulnerabilities. These vulnerabilities will cause security risks to devices using the Nucleus RTOS.
Print Nightmare Security
On July 7, 2021 Microsoft released “Out-of-Band” patches to address security vulnerabilities affecting the Windows operating system, these vulnerabilities are commonly known as “Print Nightmare” or “Chaos Print Nightmare”. The released patches (CVE-2021-1675 and CVE-2021-34527) address weaknesses which if exploited would allow a hacker to run arbitrary code with system level privileges.
Urgent/11
On October 1, 2019 FDA issued a Safety Communications regarding the Urgent/11 Cybersecurity vulnerabilities. These vulnerabilities exist in a third-party software component, IPNet, used for network communications. IPNet is utilized in several real-time operating systems which may be incorporated into some medical devices. Mindray has not and does not use the identified operating systems in any product sold in North America.
Learn more>>
WannaCry Worm
The WannaCry Worm identified in May, 2017 impacted Windows Operating Systems around the world. Microsoft released a patch (MS17-010) to address the vulnerabilities exploited by the WannaCry Worm. Mindray has evaluated this patch and is ready to deploy where applicable. If you feel you have been exposed to WannaCry and would like more information, please contact Mindray Technical Support HIS group.
Learn more>>
Petya Malware
The Petya Malware was first identified in March 2016. Microsoft addressed the vulnerabilities exploited by Petya Malware in the Microsoft Patch (MS17-010). Mindray has evaluated this patch and is ready to deploy where applicable. If you feel you have been exposed to Petya Malware and would like more information, please contact Mindray Technical Support HIS group.