MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » Cyber vulnerability discovered in GE Healthcare radiological devices

Cyber vulnerability discovered in GE Healthcare radiological devices

By

GE-Healthcare-logoCyberMDX announced that it uncovered a cyber vulnerability across a range of popular devices made by GE Healthcare (NYSE:GE).

The U.S. Dept. of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) disclosed the vulnerability yesterday after CyberMDX discovered that it could affect dozens of radiological devices by allowing an attacker to gain access to sensitive data, alter data and impact the availability of the machine, according to a news release.

CyberMDX discovered the vulnerability after observing similar patterns of unsecured communications between medical devices and the corresponding vendor’s servers. Research uncovered multiple recurring maintenance scenarios instigated automatically by GE’s server.

Maintenance protocols rely on the machine having certain services available and/or ports open while using specific credentials, which can provide hackers with easy access to crucial medical devices and allow them to run arbitrary code on impacted machines, CyberMDX said.

GE Healthcare confirmed that the vulnerability impacts a number of devices including CT scanners, PET machines, molecular imaging devices, MRI machines, mammography devices, X-ray machines and ultrasound devices. Additionally, the vulnerability impacts certain workstations and imaging devices used in surgery.

The company said that there is no patient safety concern associated with the potential vulnerability.

“We are not aware of any unauthorized access to data or incident where this potential vulnerability has been exploited in a clinical situation,” a GE Healthcare spokesperson told MassDevice via email. “We have conducted a full risk assessment and concluded that there is no patient safety concern. Maintaining the safety, quality, and security of our devices is our highest priority.”

Cybersecurity firms test for vulnerabilities directly on a device, while a potential hacker would need to navigate through a health facility’s clinical network security and firewalls. If successful in doing so, imaging data is generally not stored on diagnostic imaging devices long-term, so with personal health information on the devices limited, a breach of personal or health information is unlikely.

“Over the past few months we’ve seen a steady rise in the targeting of medical devices and networks, and the medical industry is unfortunately learning the hard way the consequences of previous oversights,” CyberMDX head of research Elad Luz said in the news release. “Protecting medical devices so that hospitals can ensure quality care is of utmost importance. We must continue to eliminate easy access points for hackers and ensure the highest level of patient safety is upheld across all medical facilities.”

 

This story was updated with information from GE Healthcare.

In case you missed it

RSS From Medical Design & Outsourcing

  • FDA’s breakthrough medical device designations tally nears 700
    Stewart Eisenhart, Emergo Group The US Food and Drug Administration has granted almost 700 designations over the past seven years under a voluntary program for expedited regulatory review of medical devices and combination products that facilitate more effective treatment or diagnosis of serious diseases. According to recent metrics published by FDA, the agency has issued a total of… […]
  • Lifecore Biomedical’s owner plans to go all-in on contract development and manufacturing
    Lifecore Biomedical parent company Landec Corp. (Nasdaq:LNDC) plans to take the subsidiary’s name, leadership and headquarters as its own and sell off food businesses to focus on contract development and manufacturing. Santa Maria, California-based Landec said it will rename itself as Lifecore Biomedical “in the near future” and change its Nasdaq ticker to LFCR. Landec… […]
  • COVID-19 immunity test developers at MIT seek diagnostic manufacturer
    MIT researchers have developed a device for predicting an individual’s COVID-19 immunity and are looking for a diagnostic company to get it manufactured in large numbers and approved by the FDA. The lateral flow test uses the same technology as at-home rapid antigen COVID-19 tests to measure neutralizing antibodies for SARS-CoV-2 in a blood sample,… […]
  • GE Healthcare picks AI imaging startups for inaugural Edison Accelerator
    GE Healthcare and Nex Cubed have selected seven companies focused on artificial-intelligence-augmented medical imaging for the first cohort of the Edison Accelerator in Canada. The companies will be matched with mentors and test their technologies with GE’s new Edison Digital Health Platform over the next three months. The program will end with innovation showcase presentations… […]
  • Boston Scientific whistleblower launches corruption investigation
    Boston Scientific (NYSE:BSX) is investigating claims that the company violated the U.S. Foreign Corrupt Practices Act in Vietnam. Marlborough, Massachusetts–based Boston Scientific disclosed receipt of a whistleblower’s allegations in its latest filing with the Securities and Exchange Commission. “In March 2022, the company received a whistleblower letter alleging Foreign Corrupt Practices Act violations in Vietnam.… […]
  • 5 essential leadership lessons from Cathy Burzik for medtech’s next generation of women leaders
    Cathy Burzik, a seasoned senior executive in the healthcare industry, has successfully led major medical device, diagnostic, diagnostic imaging and life sciences businesses. Cathy Burzik, CFB Interests (as told to MedExecWomen co-founder Maria Shepherd) One key to being a successful women leader in MedTech: “Play nice, but play to win.” Cathy Burzik, who received a… […]
  • Stratasys plans to buy Covestro’s additive manufacturing business
    Stratasys (Nasdaq:SSYS) said today that it has a deal to purchase the additive manufacturing materials business of Covestro. The deal includes R&D facilities and activities, global development and sales teams across Europe, the U.S. and China, a portfolio of approximately 60 additive manufacturing materials, and hundreds of patents and patents pending, Stratasys said in a… […]
  • New implant design prevents scar tissue without drugs, MIT says
    Mechanically inflating and deflating an implantable device for 10 minutes a day prevents immune cells from building the scar tissue that has been a major obstacle for artificial pancreas researchers. That’s according to new findings from a team of MIT engineers who built mechanical deflection into a two-chambered, soft polyurethane device tested on mice. By… […]
  • Blue Spark’s TempTraq catches fevers faster. Fever prediction is next.
    Blue Spark Technologies developed the first wireless continuous temperature monitor patch, TempTraq, to enable faster fever detection than standard manual readings every four hours. Westlake, Ohio-based Blue Spark is now looking at fever prediction rather than just detecting them. The R&D team is working on developing an AI neural network model built on the company’s… […]
  • Harvard researchers plan to sell at-home, PCR-grade COVID testing system
    The Harvard University researchers who developed an ultrasensitive, PCR-grade nucleic acid detection technology plan to commercialize it as a portable COVID-19 test. Harvard Medical School professor Peng Yin, who also leads the Wyss Institute for Biologically Inspired Engineering’s Molecular Robotics Initiative, founded 3EO Health to sell the device. “In order to optimize the value of… […]
  • FDA reports sterilization challenge progress as EPA takes aim at EtO emissions
    The FDA offered an update on its efforts to make medical device sterilization safer as the EPA identified 23 U.S. facilities where use of ethylene oxide (EtO) presents a risk to communities. The FDA said it is similarly concerned about unsafe EtO emissions and highlighted work with the medical device industry to reduce EtO usage… […]