Over 1850 Total Lots Up For Auction at Six Locations - MA 04/30, NJ Cleansweep 05/02, TX 05/03, TX 05/06, NJ 05/08, WA 05/09

Spanish Spanish

Some GE imaging systems vulnerable to hacking: Homeland Security

by Thomas Dworetzky, Contributing Reporter | March 21, 2018
Health IT X-Ray
Share
The Department of Homeland Security issued a vulnerability alert March 13th for some GE Healthcare medical imaging product lines.

Independent researcher Scott Erven reached out to the DHS's Industrial Control Systems Cyber Emergency Response Team to warn of potential risks from use of default or hardcoded credentials in the products.

According to the alert a possibly "successful exploitation of this vulnerability” could let remote hackers get around authentication “and gain access to the affected devices."

Such a hack could pose big risks. Phil Curran, chief information assurance officer and chief privacy officer at Cooper University Health Care in Camden, New Jersey, told the site Gov Info Security of the ISMG Network that, "depending on what function the user ID/password provides within the code, the range goes from affecting how the device operates – a patient safety issue – to changing data integrity, to complete shutdown, to accessing patient information."

After being informed of the issue, GE reviewed “the capability to change passwords identified by the researcher within the product documentation", according to the ICS-CERT alert, "and users are advised to contact GE Service for assistance in changing passwords,"

The advisory also stated that a number of GE Healthcare devices are potentially impacted, including its Optima, Discovery, Revolution, Centricity, THUNIS, eNTEGRA, CADStream, GEMNet, Infinia, Millenium, Precision MP/i, and Xeleris lines.

GE Healthcare stated to ISMG that “We are working closely with customers to implement best practices for security, and supporting requests for assistance in changing passwords."

The advisory also noted that there are some updates from GE to address the default or hardcoded credentials, but not for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.

Moreover, the advisory listed a number of other defensive measures users could take to minimize the risk of exploitation of this vulnerability. Specifically, users should:

  • Close all unused ports on affected systems.

  • Where possible, discontinue or limit the use of non-product-related third-party software, such as email and web browser software on the affected system, which could broaden the attack surface of medical devices.

  • Ensure that affected systems have applied the most current vendor-issued patches available.

Sign up for Health IT stories Sign up for Weekly Top stories

You Must Be Logged In To Post A Comment

Sign up for Weekly Top stories

Sign up for Health IT stories

 

advertisement

Health IT Homepage

Through Edgility acquisition ABOUT aims for end-to-end AI-driven patient flow
Bayer and Google Cloud to accelerate development of AI-powered radiology applications
GE HealthCare closes MIM Software deal
Teleradiology company and CEO admit to unlawful billing, will pay $3.1 million
How Gartner's 2024 cybersecurity trends can guide your cybersecurity efforts
IONIC Health, GE HealthCare announce 510(k)-clearance of nCommand Lite System for multi-vendor, remote imaging
Field service technicians: Unsung heroes in maintaining efficiency and reducing headaches in hospital networks
HHS opens probe into role Change Healthcare may have played in cyberattack
Philips and AWS unveil pathology cloud data storing initiative at HIMSS
PE firm Frazier HealthCare Partners acquires RevSpring from GTCR