NEW

MITA Applauds CMS for Creation of Medicare Coverage Pathway for Innovative Medical Technologies

The Medical Imaging & Technology Alliance (MITA), the leading organization and collective voice of medical imaging equipment, radiopharmaceutical, contrast media, and focused ultrasound device manufacturers, today applauded the Centers for Medicare & Medicaid Services (CMS) for its recently issued final rule concerning the Medicare Coverage of Innovative Technology (MCIT) program.

KA Imaging Appoints Seasoned Industry Executives to Key Leadership Positions

Manufacturer KA Imaging has appointed Shawn Campbell as vice president of operations and Robert Moccia as vice president of sales, USA and Canada.

ICE Moves to May

Mark your calendar, the conference dedicated to imaging directors, radiology administrators and imaging engineers is moving to May 11-12 in sunny Ft. Lauderdale Beach, Florida.

oneSOURCE Creates Free Resource Page with Up-to-Date COVID-19 Vaccine Information

Today, oneSOURCE, an RLDatix company and leading healthcare management solution, announced a new COVID-19 vaccine resource page to assist healthcare professionals during the initial administration phases of the vaccine.

CyberMDX, CISA and GE Work To Mitigate Potential Breaches Of Health Care Devices

CyberMDX

A vulnerability has been discovered in a range of GE Healthcare devices popular in hospitals, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) disclosed December 8. The vulnerability, discovered by CyberMDX, impacts dozens of radiological devices and could allow an attacker access to sensitive PHI data, alter data and impact the availability of the machine.

The CyberMDX team discovered this vulnerability after noticing similar patterns of unsecured communications between medical devices and the corresponding vendor’s servers across several different HDOs. After detecting the anomalies, the research further investigated discovering multiple recurring maintenance scenarios instigated automatically by GE’s server. The maintenance protocols rely on the machine having certain services available/ports open and using specific globally used credentials. These global credentials provide hackers with easy access to crucial medical devices. They also enable them to run arbitrary code on impacted machines and provide access to any data from the machine.

GE has confirmed that the vulnerability impacts many radiological devices including CT scanners, PET machines, molecular imaging devices, MRI machines, mammography devices, X-ray machines and ultrasound devices. The vulnerability also impacts certain workstations and imaging devices used in surgery. The list of affected product lines can be found here.

CVE-2020-25179 was given a CVSS score of 9.8, reflecting a critical severity, in the ICS-CERT Advisory ICSMA-20-343-01.

“Over the past few months, we’ve seen a steady rise in the targeting of medical devices and networks, and the medical industry is unfortunately learning the hard way the consequences of previous oversights,” said Elad Luz, head of research at CyberMDX. “Protecting medical devices so that hospitals can ensure quality care is of utmost importance. We must continue to eliminate easy access points for hackers and ensure the highest level of patient safety is upheld across all medical facilities.”

The MDhex-Ray discovery is the latest in a growing list for the CyberMDX research team. It follows a series of six vulnerabilities disclosed in January – dubbed MDhex, as well as vulnerabilities discovered in infusion pumps and anesthesia machines. The team works closely and frequently with regulatory bodies including CISA, MITRE and the FDA as well as with numerous medical device manufacturers and HDOs.

Previous

Next

Submit a Comment

Your email address will not be published. Required fields are marked *