CyberMDX, CISA and GE Work To Mitigate Potential Breaches Of Health Care Devices

CyberMDX

A vulnerability has been discovered in a range of GE Healthcare devices popular in hospitals, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) disclosed December 8. The vulnerability, discovered by CyberMDX, impacts dozens of radiological devices and could allow an attacker to access sensitive PHI data, alter data and impact the availability of the machine.

The CyberMDX team discovered this vulnerability after noticing similar patterns of unsecured communications between medical devices and the corresponding vendor’s servers across several different HDOs. After detecting the anomalies, the research team investigated further, discovering multiple recurring maintenance scenarios instigated automatically by GE’s server. The maintenance protocols rely on the machine having certain services available and ports open, and on specific globally used credentials. These global credentials provide hackers with easy access to crucial medical devices. They also enable them to run arbitrary code on impacted machines and provide access to any data from the machine.

GE has confirmed that the vulnerability impacts many radiological devices including CT scanners, PET machines, molecular imaging devices, MRI machines, mammography devices, X-ray machines and ultrasound devices. The vulnerability also impacts certain workstations and imaging devices used in surgery. The list of affected product lines can be found here.

CVE-2020-25179 was given a CVSS score of 9.8, reflecting a critical severity, in the ICS-CERT Advisory ICSMA-20-343-01.

“Over the past few months, we’ve seen a steady rise in the targeting of medical devices and networks, and the medical industry is unfortunately learning the hard way the consequences of previous oversights,” said Elad Luz, head of research at CyberMDX. “Protecting medical devices so that hospitals can ensure quality care is of utmost importance. We must continue to eliminate easy access points for hackers and ensure the highest level of patient safety is upheld across all medical facilities.”

The MDhex-Ray discovery is the latest in a growing list for the CyberMDX research team. It follows a series of six vulnerabilities disclosed in January, dubbed MDhex, as well as vulnerabilities discovered in infusion pumps and anesthesia machines. The team works closely and frequently with regulatory bodies including CISA, MITRE and the FDA as well as with numerous medical device manufacturers and HDOs.
