Yesterday the FDA sent out a safety communication to alert healthcare providers and facility staff about several cybersecurity vulnerabilities related to certain GE Healthcare Clinical Information Central Stations and Telemetry Services. The devices are used to display physiologic parameters (i.e., blood pressure, heartbeat) and to monitor patient status from a facility’s central location point, such as a nurse workstation.
Identified by a security firm, the vulnerabilities involve the potential for an attacker to remotely control these devices, silence alarms, generate false alarms, and interfere with alarms of the monitors connected to the devices. In addition, the attacks can go undetected and without user interaction. “Because an attack may be interpreted by the affected device as normal network communications, it may remain invisible to existing security measures,” according to the FDA safety communication.
The agency is working with GE Healthcare as the company develops software patches to correct the vulnerabilities. Information about the patches will be posted on GE Healthcare’s Product Security Portal (a login is required for access).
Related Articles
-
The revised cybersecurity draft publication is not intended to be a checklist for healthcare organizations to follow, but rather a guide to help them comply with the HIPAA Security Rule.
-
Unauthorized access could allow an attacker to take full control of the host operating system.
-
With the ever-increasing adoption of connected devices, the agency is emphasizing the need for effective cybersecurity.
-
“We are excited to combine Bomi’s talent, expertise and capabilities with UPS Healthcare—together, we will provide unmatched solutions to our customers, powered by UPS’s integrated, global smart logistics network.”
