VIRUS PROTECTION POLICY APPLICABLE PRODUCTS All KMMI Digital Products, including Xpress and IQUE CR, REGIUS 350/370, DryPro Imagers and PrintLink. ORIGINATOR Eunice K. Lin, Marketing Manager, CR & PACS DATE July 10, 2006 INTRODUCTION This product bulletin explains Konica Minolta Medical Imaging s policy regarding virus protection for all of its digital products. PROTECTING KMMI DIGITAL PRODUCTS FROM MALICIOUS SOFTWARE Malicious software not only corrupts a computer system once it gains access, it also has the ability, primarily through the use of electronic mailing, to spread itself to other computer systems. In general, there are two ways to protect a system from a potential threat. 1) Use anti-virus software to look for the virus and either remove the virus from the system or prevent it from entering the system. 2) Update the operating system with the latest critical updates or security patches from Microsoft. Microsoft releases these critical updates to repair vulnerabilities that the virus software finds in the operating system that allows the virus to corrupt the computer and/or to spread itself. Konica Minolta Medical Imaging participates in virus protection by providing security updates or patches to its Windows operating system on all of its digital products. This ensures that our products run on the most robust operating system. Due to rigorous regulatory compliance requirements as well as our own quality and performance standards, each patch is subject to extensive testing prior to becoming approved for use on KMMI digital products. A time lapse is therefore expected before a security patch is available for installation on a Konica Minolta medical device after its release by Microsoft. While the opportunity for a virus invasion is small for medical devices, as these devices do not offer electronic mailing or internet access, the two major gateways for virus entries, these medical devices are nonetheless still vulnerable by simply being part of a facility s network system. A virus can still enter through other parts of the network and spread throughout the entire network, including the imaging modalities. Anti-virus software is not a software option for Konica Minolta digital products. However, to satisfy requests by end users with technical competencies, Konica Minolta has tested several anti-virus software programs for use with strict guidelines and procedures. Currently, the approved anti-virus software are the client versions of McAfee Total Protection Enterprise, Norton Antivirus Corporate Edition, Trend Micro Corporate Edition and F-Secure Anti-Virus. The customer will be solely responsible for their purchase, KONICA MINOLTA MEDICAL IMAGING USA, INC. 1
installation and maintenance (both software version upgrades and definition file updates). During the installation, however, a service engineer will be required on site to provide access to the operating system. This is a billable service. HEALTHCARE FACILITY RESPONSIBILITIES Because our digital products are installed within the healthcare facility s network, we depend on the end users to provide maximum protection from virus invasion into their network. Customers can protect their network from security attacks by employing the following practices: Use technical network defenses, such as firewalls, network virus scanners, intrusion detection systems, audit records, and VLANS. Prepare policies, procedures, and user training (i.e. safe practices while on an intranet) Restrict physical access whenever possible Establish secure remote access for servicing, such as Secure VPN. Notify the appropriate vendor in the event of a virus attack. Disconnect the device from the network to avoid spreading the virus to other devices. Each facility must evaluate its local requirements and use every measure possible to increase the level of protection against the threats imposed by a malicious virus. VIRUS PROTECTION SERVICE POLICY MMMI s policy on virus protection is as follows: 1. Only authorized KMMI personnel can install approved security patches during scheduled preventive maintenance visits. Scheduled preventative maintenance (PM) visits are automatically available to customers with products covered under warranty or a purchased Customer Satisfaction Agreement. 2. Customer with products out-of-warranty and not covered by a Customer Satisfaction Agreement may request the installation of security patches at a billable service rate. Any customer requesting a patch installation outside of the routine PM visits will also be billed at the standard service rate. 3. In the event of a virus attack on KMMI products, KMMI will dispatch a trained service engineer to diagnose and repair the virus infection on site at the billable service rate. This is applicable to all customers regardless of warranty or agreement status. KONICA MINOLTA MEDICAL IMAGING USA, INC. 2
4. Installation of non-approved anti-virus software or security patches on KMMI products will render product warranty invalid. Installation of security patches by non-kmmi authorized personnel will also render product warranty invalid. The.Anti-Virus Software Installation Guideline is available to qualified technical personnel upon request by contacting Konica National Technical Support at 1-800-945-0456. KONICA MINOLTA MEDICAL IMAGING USA, INC. 3
KONICA MINOLTA MEDICAL IMAGING Medical Products Virus Protection Policy JULY 10, 2006 At Konica Minolta Medical Imaging USA, Inc. (KMMI) our goal is to help protect KMMI products from malicious software attacks, as well as to assist our customers in the event an attack on KMMI products does occur. While healthcare facilities are responsible for providing maximum security on their network infrastructure, KMMI assists our customers to correct any immediate problem until a security patch becomes available. KMMI takes the following preventive measures to minimize its medical products exposure to malicious virus attack: Provide password protection that limits system access to authorized uses only. Configure the operating system services that minimize system exposures. Validate and approve security patches for installation on KMMI products. Due to rigorous regulatory requirements and KMMI quality and performance standards, each patch is subject to extensive testing and validation prior to becoming approved for installation on KMMI products. Only KMMI approved patches may be installed on KMMI products by KMMI authorized personnel. Install approved security patches during scheduled preventive maintenance visits for products covered under warranty or Customer Satisfaction Agreements. For out-of-warranty, non-contract products, KMMI will install security patches per KMMI service billing schedule. Validate and approve anti-virus software programs for installation on KMMI digital products. In the event a security attack occurs at the healthcare facility s network, and consequently on KMMI products, please contact KMMI National Technical Support immediately for assistance (1-800-945-0456). Once KMMI National Technical Support confirms the virus attack, a qualified KMMI service engineer or authorized agent will be dispatched to the site to repair virus infections and restore the systems to working condition. This is a billable service to all KMMI customers. Installation of non-konica approved patches or installation by non-kmmi certified personnel on KMMI products will render product warranty invalid. Furthermore, installing non-approved anti-virus software on KMMI products or inappropriate installation of approved anti-virus software may compromise performance and will also render product warranty invalid. To optimize a network system s security from virus attack, consider employing the following practices: KONICA MINOLTA MEDICAL IMAGING USA, INC. 4
Use technical network defenses, such as firewalls, network virus scanners, intrusion detection systems, audit records, and VLANS. Prepare policies, procedures, and user training (i.e. safe practices while on an intranet) Restrict physical access whenever possible Establish secure remote access for servicing, such as Secure VPN. Notify the appropriate vendor in the event of a virus attack. Disconnect the device from the network to avoid spreading the virus to other devices. Each facility must evaluate its local requirements and use every measure possible to increase the level of protection against the threats imposed by a malicious virus. KMMI will support our customers to resolve all virus-related problems that impact the performance of our equipment. Thank you and we appreciate your support of Konica Minolta Medical Imaging products. KONICA MINOLTA MEDICAL IMAGING USA, INC. 5
KONICA MINOLTA MEDICAL IMAGING Anti-Virus Software Installation Guidelines JULY 10, 2006 Approved Anti-Virus Protection Software Only the client software of the following anti-virus programs are currently approved for installation on the Control Stations of Konica Minolta Computed Radiography family of products: McAfee Total protection Enterprise v7.0 Norton AntiVirus Corporate Edition v9.0 Trend Micro Corporate Edition v5.58 F-Secure Anti-Virus v6.0 Installation of non-approved software, or personal version instead of client software of corporate/enterprise version may compromise system performance and will render product warranty invalid. Installation A Konica Minolta Field Service Engineer, authorized agent, or a certified bio-medical engineer is required on-site to provide access to the operation system in order to install the software. Please contact Konica Minolta National Technical Support at 1-800-945-0456 to arrange for the service. Configuration Please observe the following when configuring the anti-virus client software Do not configure for real time scanning, as this will slow down system performance Do not configure for scheduled virus scan at times of peak usage. Do not configure the device to access virus definition file directly from the internet. Do schedule virus scan during off hour operations. Do configure the device to access virus definition file directly from the facility s server Do exclude the Konica Minolta Directory from the scanning targets (C:\Koncaminolta) As a reminder, only the client software of enterprise distribution of antivirus software is permitted for use. KONICA MINOLTA MEDICAL IMAGING USA, INC. 6