Conficker Infects Hospital Diagnostic Equipment

New stories, like this one by Stephanie Condon in CNET News,  hit over the weekend about Conficker infections to hospital devices used in diagnostics, some in trauma centers and intensive care units.  Given my time in the security industry and my pre-disposition not to be a conspiracy theorist or general worrier, I am used to accepting news of cyber crime without much visceral reaction.  But this strikes me a bit close to home.

I recently had an MRI for a shoulder issue and now I find myself thinking that the devices used to guide my doctor toward decisions about if I will be having surgery and exactly what will be done may have been infected by Conficker.  I carried the MRI images in digital form from the hospital where the MRIs were performed to my doctor’s office, and now I wonder if I was an unwilling pawn in a sneakernet based process of spreading something quite malicious.

Conficker has certainly changed the conversation about cyber crime and brings a certain mental edge to that conversation.  For example, it has raised the awareness that malicious activity can go well beyond IT processes and affect the infrastructure of our daily lives – power grids, hospital equipment and the like.  Kind of like the Y2K scare that had reasonable and sane people stockpiling freeze dried foods in their basement. While Conficker waits for instructions, its apparent lack of activity causes an uneasy silence that plays on the psyche while we process the latest revelations of infection and extrapolate the potential consequences of these revelations. 

I don’t know if Conficker was written to get into the minds of the general public, but it sure seems to be doing so.  It has sure gotten into mine.