The software flaw that allowed a duo of cybersecurity researchers to bring down a Philips XPER hospital management system with 6 lines of code is still a problem in current XPER machines, Philips tells MassDevice.com.
Using fairly rudimentary hacking techniques, researchers have exposed vulnerabilities in a variety of medical devices, most recently in a Philips (NYSE:PHG) Xper hospital management system that buckled under the force of a mere 6 lines of code.
The Xper device often connects with hospital machines and patient databases that could be compromised by someone with the know-how and motive to infiltrate the system.
Researchers at Cylance Inc. who wrote the code warn that the software security loophole could provide malicious hackers the means to crash the hospital information device at will, take control of the system and even use it as a gateway to access other devices on the same network.
Philips initially suggested that the vulnerabilities may be limited to the older generation of the Xper information management system that the researchers tested, but company officials told MassDevice.com this week that the security holes are also a problem in current generations of the product.
Officials at the U.S. Dept. of Homeland Security and the FDA have taken an interest in the investigation and Philips is working on a fix that it can release to its customers, according to the Dutch healthcare and electronics conglomerate.