Continue to Site

MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » Cyber vulnerability discovered in GE Healthcare radiological devices

Cyber vulnerability discovered in GE Healthcare radiological devices

By

GE-Healthcare-logoCyberMDX announced that it uncovered a cyber vulnerability across a range of popular devices made by GE Healthcare (NYSE:GE).

The U.S. Dept. of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) disclosed the vulnerability yesterday after CyberMDX discovered that it could affect dozens of radiological devices by allowing an attacker to gain access to sensitive data, alter data and impact the availability of the machine, according to a news release.

CyberMDX discovered the vulnerability after observing similar patterns of unsecured communications between medical devices and the corresponding vendor’s servers. Research uncovered multiple recurring maintenance scenarios instigated automatically by GE’s server.

Maintenance protocols rely on the machine having certain services available and/or ports open while using specific credentials, which can provide hackers with easy access to crucial medical devices and allow them to run arbitrary code on impacted machines, CyberMDX said.

GE Healthcare confirmed that the vulnerability impacts a number of devices including CT scanners, PET machines, molecular imaging devices, MRI machines, mammography devices, X-ray machines and ultrasound devices. Additionally, the vulnerability impacts certain workstations and imaging devices used in surgery.

The company said that there is no patient safety concern associated with the potential vulnerability.

“We are not aware of any unauthorized access to data or incident where this potential vulnerability has been exploited in a clinical situation,” a GE Healthcare spokesperson told MassDevice via email. “We have conducted a full risk assessment and concluded that there is no patient safety concern. Maintaining the safety, quality, and security of our devices is our highest priority.”

Cybersecurity firms test for vulnerabilities directly on a device, while a potential hacker would need to navigate through a health facility’s clinical network security and firewalls. If successful in doing so, imaging data is generally not stored on diagnostic imaging devices long-term, so with personal health information on the devices limited, a breach of personal or health information is unlikely.

“Over the past few months we’ve seen a steady rise in the targeting of medical devices and networks, and the medical industry is unfortunately learning the hard way the consequences of previous oversights,” CyberMDX head of research Elad Luz said in the news release. “Protecting medical devices so that hospitals can ensure quality care is of utmost importance. We must continue to eliminate easy access points for hackers and ensure the highest level of patient safety is upheld across all medical facilities.”

 

This story was updated with information from GE Healthcare.

In case you missed it

RSS From Medical Design & Outsourcing

  • Elevating Robotic Precision in Medical Devices: A Case Study by Omniseal Solutions™
    Unlock the secrets behind smoother robotic movements in medical devices with Omniseal Solutions™’ low friction sealing innovation. Our latest case study showcases how precision engineering meets medical excellence, ensuring optimal performance and reliability in robotic arm joints. By Clara Soueve Digital Customer Acquistion Specialist – Omniseal Solution™ Life Sciences Pioneering Low-Friction Seals for Robotic Arm… […]
  • How Medtronic evaluates its exposure to GLP-1 drugs
    Medtronic Chief Scientific, Medical and Regulatory Officer Dr. Laura Mauri drills into GLP-1 drug trial results to estimate their impact across the portfolio. The impact of glucagon-like peptide-1 (GLP-1) drugs like Ozempic and Wegovy on medtech manufacturing is one of the biggest uncertainties heading into 2024. Industry leaders like Medtronic, Stryker and Intuitive have faced… […]
  • Brain-computer interface lets ALS patient control home devices
    Researchers say they observed the successful translation of brain signals into computer commands with a brain-computer interface (BCI) implant. A team at Johns Hopkins surgically implanted the BCI on the brain of an ALS (amyotrophic lateral sclerosis) patient. They published their results, which showed the accurate translation of computer commands from brain activity, in Advanced Science.… […]
  • The 10 largest medtech employers of 2023 – and what their employees really think
    Employees at the 10 largest medtech employers in the world are finding a greater balance between work and life but are still frustrated by corporate bureaucracy. Those are just a few takeaways as Medical Design & Outsourcing compiled employees’ sentiments from reviews posted on Glassdoor. Total medtech jobs were down year-over-year in our 2023 Medtech… […]
  • Imperative Care CEO Fred Khosravi’s dream for medtech — and how to get there
    Medtech leader Fred Khosravi is betting on an innovative — and risky — approach to patient care. Imperative Care co-founder, Chair and CEO Fred Khosravi, a refugee of the Iranian Revolution who became an engineer and serial entrepreneur in the U.S., wants medtech to shift its focus from treating diseases to treating patients. He’s taking… […]
  • Can AI ‘move fast and cure things’ in healthcare?
    The entry of AI into healthcare is starkly different from the accepted adage of “move fast and break things” in consumerism. In episode 1 of AI Meets Life Sci, Kayleen Brown, managing editor at DeviceTalks, and Brian Buntz, pharma and biotech editor, discuss the opportunities, limitations, and direct impact of Ai in healthcare fields including… […]
  • Mytos raises $19M Series A to automate human cell manufacturing
    NEWS RELEASE: Mytos Announces $19M Series A Funding to Automate Human Cell Manufacturing and Further Accelerate Growth London, UK – November 30, 2023 – Mytos, an innovative leader in automated cell manufacturing, announced today it has closed $19M in Series A financing led by Buckley Ventures, with participation from IQ Capital and Wing VC. The… […]
  • Moticont releases 0.875-in. diameter linear voice coil servo motor
    NEWS RELEASE: Linear Voice Coil Servo Motor Just 0.875 in. in Diameter Has High Force-to-Size High Acceleration, and a 0.25 in. Stroke! Van Nuys, CA – Moticont has released the GVCM-022-013-01 Linear Voice Coil Servo Motor. This compact .875 in. (22.2 mm) diameter high speed, high force-to-size linear motor features high accuracy and high repeatability… […]
  • Wearable developer Empatica aims to develop new digital biomarkers
    Empatica Chief Medical Officer Dr. Marisa Cruz discusses advances in wearable technology and how new digital biomarkers could advance medtech. Dr. Marisa Cruz envisions a future where unobtrusive wearable devices with advanced sensors will continuously measure and record actionable biodata without patients having to lift a finger. Cruz is an endocrinologist and internist who serves… […]
  • Nordson Medical expands Pennsylvania operations
    NEWS RELEASE: Nordson Medical expands Easton, Pennsylvania operations into an additional facility Easton, Pennsylvania – November 29, 2023 – Nordson Medical, a global leader in the medical device components industry, is expanding its Easton, Pennsylvania operations into an additional facility less than two miles away. This expansion will allow an increased capacity of their fluorinated… […]
  • Medtech glossary: Medical device industry terms, abbreviations and acronyms
    Acronyms, abbreviations and definitions of medtech terms, devices and companies Medtech’s a complicated business, with its own industry abbreviations, acronyms and terms. Cut through the jargon with our constantly evolving glossary — and please suggest additions by emailing Managing Editor Jim Hammerand. 3D printing: A type of additive manufacturing used to make patient-specific anatomical models,… […]

About Sean Whooley

Sean Whooley is an associate editor who mainly produces work for MassDevice, Medical Design & Outsourcing and Drug Delivery Business News. He received a bachelor's degree in multiplatform journalism from the University of Maryland, College Park. You can connect with him on LinkedIn or email him at swhooley@wtwhmedia.com.

Copyright © 2023 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy