ARIA RADIATION THERAPY MANAGEMENT
Report
- Report Number
- 3003094912-2023-00001
- Event Type
- Injury
- Date Received
- July 28, 2023
- Date of Event
- July 3, 2023
- Report Date
- July 4, 2023
- Manufacturer
- VARIAN MEDICAL SYSTEMS
- Product Code
- IYI
- Adverse Event
- Yes
- Report Source
- Manufacturer report
- Reporter Location
- AG
- Reporter Occupation
- OTHER HEALTH CARE PROFESSIONAL
- Health Professional
- Yes
Narratives
VARIAN MEDICAL SYSTEMS COMPLAINT (B)(4) MEDICAL PROFESSIONAL ASSESSMENT : THE CUSTOMER WAS USING UNSUPPORTED ARIA [VERSION 10] WITH UNSUPPORTED MICROSOFT WINDOWS VERSION ON OUTDATED DELL HARDWARE AND WAS NOT PREPARED FOR CYBERATTACK. CYBERSECURITY GUIDELINES WERE NOT FOLLOWED; THERE WAS NO FIREWALL OR ANTIVIRUS PROGRAM. ARIA SYSTEM CONNECTED TO IMAGE SERVER HAD VIRUS MALWARE CAUSING ALL RT TREATMENT TO BE PLACED ON HOLD FROM (B)(6) 2023. TREATMENTS RESUMED ON (B)(6) 2023. THERE WAS NO DIRECT INJURY TO ANY PATIENT BUT TREATMENT INTERRUPTION OF ABOUT 3 WEEKS HAS THE POTENTIAL TO DECREASE EFFICACY OF RADIATION TREATMENT. NO FURTHER MEDWATCH FOLLOW UPS WILL BE PROVIDED.
THE PATIENT'S DATA FOLDER SHARE (\\VARIANIMG\VA_DATA$\FILEDATA) HOSTED ON THE ARIA IMAGE SERVER CANNOT BE REACHED ANYMORE BY ARIA NOR ECLIPSE. ARIA AND ECLIPSE APPLICATIONS CANNOT FUNCTION ANYMORE. VARIAN'S SDS AND VARIAN'S CYBERSECURITY INCIDENT RESPONSE TEAM WERE INVOLVED QUICKLY TO INVESTIGATE THE REPORTED ISSUE. THE INVESTIGATION FOUND THAT BOTH ARIA SERVERS (ARIA DATABASE SERVER AND ARIA IMAGE SERVER) HAD THEIR SHARED FOLDERS BEING INACCESSIBLE THROUGH THE NETWORK. THE COMPLAINT'S ALLEGATION IS CONFIRMED: THE PATIENT'S DATA FOLDER CANNOT BE ACCESSED ANYMORE BY THE ARIA/ECLIPSE APPLICATIONS. THE INVESTIGATION FOUND THAT A MALICIOUS ATTACK STARTED ON (B)(6) 2023. TIME OF INFECTION OF VARIANIMG: (B)(6) 2023 10:08 TIME OF INFECTION OF VARIANDB: (B)(6) 202309:45 BECAUSE OF THIS ATTACK, THE 2 ARIA SERVERS STARTED TO MALFUNCTION ON (B)(6) 2023, DATE OF THE ISSUE REPORTED BY THE CUSTOMER AND ALL PATIENT TREATMENTS WERE PLACED ON HOLD. TOTAL NUMBER OF PATIENTS WAS 83. TREATMENT WAS POSTPONED ON (B)(6) 2023 FOR ALL PATIENTS. TREATMENT WAS RESTARTED ON (B)(6) 2023. THE ROOT CAUSE OF THE ISSUE WAS IDENTIFIED AS A VARIANT OF THE "ROOTKIT/TROJAN PURPLEFOX". THE ARIA APPLICATIONS WERE FOUND TO WORK AS INTENDED. THE MALICIOUS ATTACK THAT LED THE ARIA SERVERS TO MALFUNCTION HAPPENED BECAUSE OF THE FOLLOWING FACTORS: CUSTOMER WAS USING OUTDATED DELL HARDWARE CUSTOMER WAS RUNNING AN UNSUPPORTED VERSION OF ARIA (ARIA V10) AND THEREFORE HAD NO MORE VARIAN SERVICE CONTRACT CUSTOMER WAS RUNNING UNSUPPORTED OPERATING SYSTEMS (WINDOWS SERVER 2008 AND WINDOWS 7: BOTH REACHED END OF SUPPORT ON (B)(6) 2020) CUSTOMER DID NOT APPLY ANY CYBERSECURITY GUIDELINES NO VALID ANTIVIRUS SOLUTION IN PLACE (ONLY AN EXPIRED TRIAL PERIOD ANTIVIRUS WAS FOUND) ARIA INFRASTRUCTURE WAS DIRECTLY CONNECTED TO INTERNET: NO FIREWALL WAS ENABLED THE CUSTOMER HAD A VALID DATA BACKUP FROM THE (B)(6). AFTER VERIFYING THE DATA WAS CLINICALLY VALID, THE WHOLE ARIA ENVIRONMENT WAS REIMAGED AND THE DATA BACKUP WAS RESTORED. THE CUSTOMER WAS ABLE TO RESUME PATIENTS TREATMENT ON (B)(6) 2023. NO ADDITIONAL CORRECTIVE ACTION NEEDED SINCE THE CUSTOMER ALREADY RESUMED TREATMENT AND SINCE NO VARIAN APPLICATION PRESENTED ANY MALFUNCTION. IN ORDER TO PREVENT FUTURE ATTACKS, THE FOLLOWING CUSTOMER FACING DOCUMENTATION IS AVAILABLE TO VARIAN CUSTOMERS: (B)(4) - VARIAN CYBERSECURITY ADMINISTRATION REFERENCE GUIDE SECURITY IMPLEMENTATION GUIDES AND DOCUMENTATION ON DISASTER CONTINGENCY REPORTS, WHERE APPLICABLE FOR THE CUSTOMER'S VERSION, ARE AVAILABLE ON MYVARIAN.COM.
THE SDS TEAM INVESTIGATED AN ISSUE WHERE THE CLIENT WORKSTATIONS ARE UNABLE TO ACCESS SMB SHARED LOCATED ON THE VARIANIMG AND VARIANDB SERVERS. DURING THE COURSE OF THE INVESTIGATION, WE NOTICED A CONSIDERABLE NUMBER OF CONNECTIONS BEING ESTABLISHED ON PORT 445 TO INTERNET ADDRESSES WHICH WE CONSIDER A MALICIOUS THREAT. THIS IS A SCREENSHOT OF THE CONNECTIONS FROM THE VARIANIMG SERVER ON PORT 445 (SMB):
INFORMATION PROVIDED BY (B)(6). AWARE DATE: JULY 19TH 2023. EVENT DATE: (B)(6) 2023. THE SDS TEAM INVESTIGATED AN ISSUE WHERE THE CLIENT WORKSTATIONS ARE UNABLE TO ACCESS SMB SHARED LOCATED ON THE VARIANIMG AND VARIANDB SERVERS. DURING THE COURSE OF THE INVESTIGATION, WE NOTICED A CONSIDERABLE NUMBER OF CONNECTIONS BEING ESTABLISHED ON PORT 445 TO INTERNET ADDRESSES WHICH WE CONSIDER A MALICIOUS THREAT. 83 PATIENTS WERE AFFECTED AND HAD TREATMENT POSTPONED. PATIENT TREATMENT WAS POSTPONED ON (B)(6) 2023 AND RESUMED ON (B)(6) 2023.
Devices
| Seq | Brand | Generic | Product Code | Manufacturer | Model | Lot | UDI-DI |
|---|---|---|---|---|---|---|---|
| 1814758 | ARIA RADIATION THERAPY MANAGEMENT | LINEAR ACCELERATOR | IYI | VARIAN MEDICAL SYSTEMS | HIT3904 |
Patients
| Seq | Age | Sex | Outcome | Treatment |
|---|---|---|---|---|
| 1 | Unknown | Other |