[135859995]
The pentax epk-i5010 endoscopy light source and digital recorder, when directly connected to a hospital communication network, is susceptible to malware infection resulting from eternalblue/wannacry attacks. This is a result of device internal software ((b)(6) embedded) not being patched to protect against this vulnerability. It is not possible for end users to patch this software themselves or disable the threat on the device. The hospital has around 12 of these systems. The device is expected to recover from an attack after a reboot by reloading its operating software. If attacked, until it has been rebooted it is able to carry out the design of the malware possibly effecting other systems on the hospital network. This poses a risk to patient care because a system being infected would cause a delay while the system is pulled from service and rebooted. It also poses a threat to other systems on the network which hold patient information. Appropriate mitigation is to use a firewall to block communication with the epk-i5010 on port 445. Manufacturer response for video processor, epki-5010 (per site reporter). Pentax has been made aware of this vulnerability and is reported to be devolving an official software patch to eliminate this risk. Their last message to us where they stated they are hoping for a patch to be released in mid-(b)(6) to u. S. Customers.
Patient Sequence No: 1, Text Type: D, B5