Reports have surfaced that the WannaCry ransomware has infected actual medical devices, not just computers at medical facilities.

An image of one such infection has been passed to a Forbes reporter on Wednesday. The infected medical device was a Bayer Medrad, radiology equipment that injects contrast agents inside the human body to aid in MRI scans.

The WannaCry ransomware infected this system because it was running on a version of the Windows Embedded operating system and supporting the SMBv1 protocol, WannaCry's initial point of infection.

Medical equipment vendors issue security alerts

The source would not confirm in which hospital the infection took place, but a Bayer spokesperson admitted it received two reports of WannaCry ransomware infections that took root on its medical devices.

Furthermore, a source with the Health Information Trust Alliance (HITRUST) revealed that WannaCry also infected and locked down Windows-based medical devices belonging to Siemens. The company later confirmed that Siemens Healthineers products are vulnerable to WannaCry attacks in an advisory.

On the same day, other manufacturers of medical devices, such as Smiths Medical, Medtronic, and Johnson & Johnson, have also published security alerts, albeit there are no reports that their devices have been infected.

Ransomware usually encrypted data on PCs, not medical devices

Ransomware, not necessarily WannaCry, has targeted hospitals in the past. Usually, these ransomware families infected and lock down computers used by doctors and pharmacists, preventing hospital personnel from controlling medical devices or checking their surgery schedules, past patient data, or medical treatment plans.

Wednesday's report was the first time when ransomware has infected a medical device per-se.

The WannaCry ransomware outbreak that took place exactly a week ago was first noticed because it affected over 40 hospitals in the UK. As more information surfaced, we soon found out that WannaCry targeted anybody with vulnerable computers, not jut hospitals. This included universities, manufacturing factories (Hitachi, Renault, Nissan), railway systems (Russia, Germany), banks, police departments, government agencies, and more.