Microsoft is delivering this new nag notification to Windows 7 users by making it part of a patch rollup. The coming notification will be embedded in monthly rollup KB4530734, which Microsoft is making available to Windows 7 SP1 users on December 10 as part of its Patch Tuesday set of updates. This patch will configure Windows 7 PCs that receive it so they will display the January 15 notification starting on that date. 

Those who see the full-screen warning will have three options: Remind me later; Learn more; or Don't remind me again. If users don't click on the "Don't remind me again" button and just dismiss the screen, they will continue to get nag warnings.

Basic security of Canon Medical Systems Corporation medical devices
Possible threats to image inspection devices include abnormal device operation and termination due to cyber-attacks and malware infection which potentially could lead to data loss, falsification, or data leakage in the device. Such cyber-attacks and malware infections may also occur using external media inserted into healthcare networks and devices.

For this reason, we have adopted normative security for intrusions via the network, such as eliminating e-mail services, IIS, web services, stopping unnecessary services, and blocking unintended communications by the host firewall on the device or external firewall appliances (optional). For intrusions via external media, precautions should be taken: (i) perform a malware scan of the media before use (ii) prevention of autorun (iii) Whitelist program that disables and unregistered programs from executing.

As Cybersecurity is a shared responsibility of the Medical Device Manufacturer and the healthcare facility, it is also requested the healthcare facility provides security measures to minimize the risk of malware transversing the network.

Basic security of Canon Medical Systems Corporation medical devices
Security support for imaging devices that use Windows® 7 and Windows® Server 2008 does not end in January 2020. Measures are implemented to provide continued risk management for any new vulnerabilities that are discovered after January 2020. These vulnerabilities can be reported using the security incident response email: CMSCProductSecurity@medical.canon. There may be many different types of mitigations offered to minimize the threat, therefore minimizing the risk of newly discovered vulnerabilities. For these reasons, the use and functionality of the Windows® 7 and Windows® Server 2008 imaging devices manufactured by Canon Medical Systems Corporation continue to operate properly with minimally expected impact.

Response to Microsoft's end of support
Canon Medical Systems Corporation continuously monitors vulnerability information disclosed by US ICS-CERT, JPCERT / CC, etc., and have established a system to respond to security incidents on our equipment. Canon Medical Systems Corporation will provide information disclosure including risk reduction measures if a serious vulnerability related to the OS is found through this activity. REF: https://global.medical.canon/)

For further inquiries regarding the installation of external firewalls, upgrades to Windows® 10, etc., final security patches for Windows® 7 and Windows® Server 2008, etc. to further enhance security, please contact your local Canon Medical Systems team.

Further information to customers

Healthcare facilities demand Medical Device Manufacturers to provide Safety measures and management based on risk analysis results. Canon Medical Systems Corporation takes these demands very seriously and strives to provide the highest level of protection using the methods described above. Please feel free to contact your local Canon Medical Systems if you have any further questions or concerns.