WannaCry Malware Infection & Outbreak Statement

May 17, 2017

You will have seen over the weekend the extensive cyberattack known as the WannaCry malware infection and outbreak that impacted healthcare organizations, financial institutions and universities globally. 

The Smiths Medical Cyber Security Engineering and Operations teams have been monitoring our systems for any signs of the WannaCry malware malicious software infections; no indicators of compromise or malware infections have been thus far discovered. In addition, we are educating our software engineering teams, and are working closely with our information services to ensure all necessary software patches are in place to protect our environment.  To our knowledge, no Smiths Medical product has been affected by the WannaCry Malware infection and outbreak.

According to Microsoft this ransomware spreads either by attachments/links in phishing emails or on malicious websites (“system zero infection”) or via an infected system that exploits a vulnerability in a Windows component used in the context of open file shares of other systems reachable on the same network. Certain details may be found on the following Microsoft page:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt- attacks/

For products that are listening on network ports 139/tcp, 445/tcp or 3389/tcp, their exploitation exposure depends on the security measures within the network. In order to protect a product from exploitation it should be isolated from any infected system within its respective network segment (i.e., product deployed in a network segment separated by firewall control blocking access to network ports 139/tcp, 445/tcp and 3389/tcp).

If the above cannot be implemented we recommend the following:

  • If patient safety and treatment is not at risk, disconnect the uninfected product from the network and use in standalone mode
  • Reconnect the product only after the provided patch or remediation is installed on the system

    In addition, Smiths Medical Cyber Security Engineering recommends:

    • Ensure you have appropriate backups and system restoration procedures
    • For specific patch and remediation guidance information contact your local Smiths Medical sales or technical representative
    • Use of Active Directory (AD)
    • Use of Managed Services Accounts within AD
    • Network isolation for medical pumps and software applications via:
      • Virtual Local Area Network (VLAN)
      • Network address translation (NAT)
      • Dynamic Host Configuration Protocol (DHCP)
      • Use of Secure Socket Layer (SSL) Certificates issued from a bonafide Certificate Authority (CA) NOT Open SSL within your network when connecting to our software applications
      • Use of 2048 bit encryption as minimum within the SSL certificate environment


    The Smiths Medical Cyber Security Engineering team will continue to monitor the situation and provide further updates and/or suggestions if needed.



    Chris Holmes
    President and CEO
    Smiths Medical, ASD