• Japanese
  • Site Map
  • Contact Us
Help

Home >> May. 23, 2017

Toshiba Medical’s approach to Ransomware (WannaCry) Cyber-attack

Please find herewith Toshiba Medical Systems Corporation (“TMSC”)’s statement as to the vulnerability of its medical equipment(s) (“Product(s)”) to the Ransomware cyber-attack.

Impact on Medical Device by the Ransomware (WannaCry) Cyber-attack

The starting point of this Cyber-attack is to open an email attachment or download a file by accidentally clicking on a malicious URL while accessing a web page. Such everyday operation exploits Microsoft's Windows® OS vulnerability so that a malicious program disables computer operation, encrypts data file to make it unavailable or attacks other computers. The attacks from infected computers within a facility are actual threats for medical equipment and those attacks looks like DDoS attack (Distributed Denial of Service attack).

TMSC's approach to Ransomware (WannaCry) Cyber-attack

We would like to assure all our customers that taking necessary measures to the Ransomware (WannaCry) Cyber-attack is our highest priority and to restore all our Products to normal operation as soon as possible. Currently we are evaluating an impact by the MS17-010’s vulnerability for each Product. When we find any critical impacts by Ransomware (WannaCry) in our Product, we will inform you if there is an appropriate measure for you to take for the Product(s) installed in your facility. In the meantime, please reconfirm the instruction manual of TMSC product(s) which states the necessary items you shall comply with when using the Product. Also, if a computer-virus infection occurs in your facility, please take measures to prevent the spread of the infection by isolating the infected network as soon as possible and please contact our service.

The following measures are effective in your network environment to prevent Ransomware (WannaCry) Cyber-attack

  1. Control network route
    Identify the computers permitted to access the Product and change the network routing table in a network device such as router or firewall to prohibit the communication from computers other than those permitted computers.
  2. Control of communication protocol and communication port
    Since Ransomware Cyber-attack uses the following communication protocol and communication port, change the firewall setting of the network device (Product) in the facility so as not to permit such communications.

Service Name
Protocol Type and port number
NBT-NetBIOS Naming Service
TCP/UDP 137 port
NBT-NetBIOS Datagram Service
UDP 138 port
NBT-NetBIOS Session Service
TCP 139 port
Direct Hosting SMB
TCP 445 port