Product Security

May 18, 2017

Dear Valued Customer,

This letter is to raise your awareness of a new ransomware referred to as “Wannacry” that was introduced globally on May 12, 2017 targeting all Microsoft Windows® operating systems. If your system is infected, this ransomware will encrypt the data files on the infected system and request a ransom to release the encrypted data files. If you have a system in your facility that is affected by this ransomware, bioMérieux , Inc. recommends you immediately disconnect the system from your network and contact your local IT department for further guidance.

We are currently in the process of implementing action plans with our customers to help guide them through the proper steps required to minimize risk and exposure from this ransomware for systems supporting bioMérieux, Inc. instrumentation.

Recommended Preventive Actions

1. Identify the correct Microsoft patch to install on a bioMérieux, Inc. system

Microsoft has released a security patch for the WannaCry ransomware vulnerability specific to each Windows Operating System version. Listed below are the Windows Operating Systems versions and appropriate patches.

Windows XP:

The only patch available for Windows XP is KB4012598

Windows 7 & Windows Server 2008:

Microsoft released a monthly security patch in March, 2017 to fix the WannaCry vulnerability. Each consecutive monthly security patch includes fixes from previous monthly patches. Your IT department only needs to install 1 of the 4 patches listed below to be protected.

KB4012212 (Released March, 2017)
KB4012215 (Released March, 2017)
KB4015549 (Released April, 2017)
KB4019264 (Released May, 2017)

2. Verify Windows Operating System (OS) version and computer model

  1. Log into the system with local administrator login
  2. Right click on the computer icon and select Properties from the drop-down menu
Windows Embedded Standard 7 (32 bit) Windows XP Embedded Service Pack 3
Windows Server 2008 (64-bit)

3. Verify if the current Microsoft patch is installed

Windows 7 & Windows Server 2008:

  1. Click the Start button in the bottom left corner of the Task bar
  2. In the Search field type windows update
  3. Click on the Windows Update program
  4. Click on View update history
  1. To aid in searching for the installed patch, sort the 1st column alphabetically by clicking on Name at the top of the list.

Windows Embedded Standard 7:

Windows Server 2008:

Windows XP:

  1. Click the Start button in the bottom left corner of the Task bar
  2. Select Settings > Control Panel
  3. Double click Add or Remove Programs
  1. Select Show Updates option

If the current Microsoft patches are not installed on the bioMérieux, Inc. systems, we recommend you work with your IT department to apply the appropriate patch using the directions listed below.

NOTE: After applying the patch to the MYLA® server, please use the RESTART shortcut on the server desktop. This insures MYLA services are closed properly.

To ensure additional protection from this ransomware and future attacks, bioMérieux, Inc. will not access this system remotely until we have confirmation from you that the appropriate security patch has been applied. Troubleshooting support will be provided through verbal instruction or on-site support as deemed necessary by bioMérieux, Inc.

bioMérieux, Inc. is dedicated to ongoing product improvements in order to provide you with innovative diagnostic solutions and services that improve public health. If you have any questions, please contact your local bioMérieux, Inc. Clinical Customer Service organization at (800) 682-2666.

Sincerely,

US Commercial Operations

bioMérieux, Inc.

Pioneering diagnostics