Canon Medical Systems’ approach to Ransomware (WannaCry) Cyber-attack

Please find herewith Canon Medical Systems Corporation (Canon Medical Systems)’s statement as to the vulnerability of its medical equipment(s) (“Product(s)”) to the Ransomware cyber-attack.

  • Impact on Medical Device by the Ransomware (WannaCry) Cyber-attack
    The starting point of this Cyber-attack is to open an email attachment or download a file by accidentally clicking on a malicious URL while accessing a web page. Such everyday operation exploits Microsoft's Windows® OS vulnerability so that a malicious program disables computer operation, encrypts data file to make it unavailable or attacks other computers. The attacks from infected computers within a facility are actual threats for medical equipment and those attacks looks like DDoS attack (Distributed Denial of Service attack).

  • Canon Medical Systems' approach to Ransomware (WannaCry) Cyber-attack
    We would like to assure all our customers that taking necessary measures to the Ransomware (WannaCry) Cyber-attack is our highest priority and to restore all our Products to normal operation as soon as possible. Currently we are evaluating an impact by the MS17-010’s vulnerability for each Product. When we find any critical impacts by Ransomware (WannaCry) in our Product, we will inform you if there is an appropriate measure for you to take for the Product(s) installed in your facility. In the meantime, please reconfirm the instruction manual of Canon Medical Systems product(s) which states the necessary items you shall comply with when using the Product. Also, if a computer-virus infection occurs in your facility, please take measures to prevent the spread of the infection by isolating the infected network as soon as possible and please contact our service.

  • The following measures are effective in your network environment to prevent Ransomware (WannaCry) Cyber-attack
    1. Control network route
      Identify the computers permitted to access the Product and change the network routing table in a network device such as router or firewall to prohibit the communication from computers other than those permitted computers.
    2. Control of communication protocol and communication port
      Since Ransomware Cyber-attack uses the following communication protocol and communication port, change the firewall setting of the network device (Product) in the facility so as not to permit such communications.

Service NameProtocol Type and port number
NBT-NetBIOS Naming ServiceTCP/UDP 137 port
NBT-NetBIOS Datagram ServiceUDP 138 port
NBT-NetBIOS Session ServiceTCP 139 port
Direct Hosting SMBTCP 445 port