DATE: August 11, 2017
TO: All MSG and Corporate Shared Services Employees
FROM: Erich Lukas, Senior Manager, Technical Communications, Regulatory Affairs & Quality Assurance
SUBJECT: Updated Cyberthreat Guidance For Olympus Medical Products

Olympus consistently strives to enhance our information security protocols and assess cyber threats to protect the Company and our customers. This message includes follow-up information to the guidance communication distributed on May 19 regarding the WannaCry ransomware event. Additional communications will be released either in response to new cyber threats or to provide vulnerability findings for Olympus Medical products in addition to those listed below.

The table below shows which Olympus products have been tested and validated with the security bulletins that Microsoft recently released and recommends to address the exploits used by the WannaCry and Petya ransomware viruses.

Product / Approved For Deployment / Comments
Brainlab Kick/Kick EM / MS17-010*, CVE-2017-0200* / *All Brainlab systems, except those running Windows XP SP2, have been tested and are approved for the Windows Security patches for the most recent exploits.
Endocapsule / MS17-010, CVE-2017-0199 / NA
EndoWorks / NA / Olympus no longer publishes approved Windows Updates for EndoWorks. However, if a customer's internal security policy permits, customers may attempt to apply the appropriate Microsoft patches on EndoWorks if they have completed a full system backup prior to patch application. Failed patch attempts requiring on-premises software assistance by Olympus may necessitate customer-incurred charges.
Image Stream nStream + / MS17-010, CVE-2017-0199 / NA
Image Stream Vaultstream / MS17-010, CVE-2017-0199 / NA
IN10A / MS17-010, CVE-2017-0199 / NA
Knowledge Exchange (KE) / MS17-010, CVE-2017-0199 / NA

In all instances, customers electing to deploy MS17-010 and other subsequently released security bulletins based on their facility's security policies should first ensure that there is a valid immediate backup. Customers may contact TAC at 800-848-9024 if they require any assistance backing up or restoring their data.

In addition, Olympus manufacturing business centers (MBCs) are also currently assessing potential risk to other Windows-based products.

For non-IT based medical devices running embedded versions of the Windows operating system, Olympus is currently assessing vulnerabilities and cyber threats in general. At this time, Olympus can confirm that the Diego Elite Multidebrider Platform has been determined secure. This is due to a lack of networkability (wireless or physical), and security measures that limit functionality of the on-board USB port, amongst other factors.

More information will be forthcoming as Olympus continues to assess individual product vulnerabilities.

More information and guidance from Microsoft can be found at:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

For any customer inquiries, please direct them to the Olympus Medical “Important Customer Information” page.

Thank you for your attention to this important matter.