MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » Cyber vulnerability discovered in GE Healthcare radiological devices

Cyber vulnerability discovered in GE Healthcare radiological devices

By

GE-Healthcare-logoCyberMDX announced that it uncovered a cyber vulnerability across a range of popular devices made by GE Healthcare (NYSE:GE).

The U.S. Dept. of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) disclosed the vulnerability yesterday after CyberMDX discovered that it could affect dozens of radiological devices by allowing an attacker to gain access to sensitive data, alter data and impact the availability of the machine, according to a news release.

CyberMDX discovered the vulnerability after observing similar patterns of unsecured communications between medical devices and the corresponding vendor’s servers. Research uncovered multiple recurring maintenance scenarios instigated automatically by GE’s server.

Maintenance protocols rely on the machine having certain services available and/or ports open while using specific credentials, which can provide hackers with easy access to crucial medical devices and allow them to run arbitrary code on impacted machines, CyberMDX said.

GE Healthcare confirmed that the vulnerability impacts a number of devices including CT scanners, PET machines, molecular imaging devices, MRI machines, mammography devices, X-ray machines and ultrasound devices. Additionally, the vulnerability impacts certain workstations and imaging devices used in surgery.

The company said that there is no patient safety concern associated with the potential vulnerability.

“We are not aware of any unauthorized access to data or incident where this potential vulnerability has been exploited in a clinical situation,” a GE Healthcare spokesperson told MassDevice via email. “We have conducted a full risk assessment and concluded that there is no patient safety concern. Maintaining the safety, quality, and security of our devices is our highest priority.”

Cybersecurity firms test for vulnerabilities directly on a device, while a potential hacker would need to navigate through a health facility’s clinical network security and firewalls. If successful in doing so, imaging data is generally not stored on diagnostic imaging devices long-term, so with personal health information on the devices limited, a breach of personal or health information is unlikely.

“Over the past few months we’ve seen a steady rise in the targeting of medical devices and networks, and the medical industry is unfortunately learning the hard way the consequences of previous oversights,” CyberMDX head of research Elad Luz said in the news release. “Protecting medical devices so that hospitals can ensure quality care is of utmost importance. We must continue to eliminate easy access points for hackers and ensure the highest level of patient safety is upheld across all medical facilities.”

 

This story was updated with information from GE Healthcare.

In case you missed it

RSS From Medical Design & Outsourcing

  • Tegra Medical announces new director of sales and marketing in Europe
    Tegra Medical announced that it appointed Darren Vine as its director of sales and marketing in Europe. Franklin, Mass.-based Tegra said in a news release that Vine will report to CEO and head of SFS division medical Walter Kobler, with responsibilities including the building of the company’s presence through expansion into new markets around the… […]
  • 5 challenges Boston Scientific overcame to make single-use scopes work
    FDA wanted single-use scopes to reduce potentially deadly superbug infections. Here’s how Boston Scientific made it happen. Boston Scientific’s Exalt Model D Single-Use Duodenoscope received FDA clearance in December 2019. It was the first device of its kind to hit the medical market. Just five months earlier, the FDA urged device manufacturers to move away from re-usable duodenoscopes with… […]
  • Veranex acquires Experien Group
    Veranex announced today that it acquired Experien Group, a provider of regulatory, quality and clinical consulting services for medtech companies. Raleigh, N.C.-based Veranex, which was created as a combination of companies after Summit Partners acquired Ximedica, Quartesian and Boston Healthcare Associates in June, offers integrated product development strategies and services to medtech companies. According to… […]
  • How Olympus is using AI to find patients for its COPD device
    Olympus recently announced its SeleCT Connect program, which uses diagnostic imaging AI to automatically screen which people might benefit from its Spiration valve system. Spiration is an FDA-designated breakthrough device for treating chronic obstructive pulmonary disease (COPD) patients. SeleCT Connect — offered as part of Olympus’ SeleCT quantitative computer tomography (QCT) analysis service — is… […]
  • Catheter & Medical Design and VitalDyne Medical rebrand as VitalPath
    Catheter & Medical Design and VitalDyne Medical — makers of complex medical catheter systems — have rebranded under the name VitalPath. The move comes about five months after CMD’s March 2021 acquisition of VitalDyne. The Roseville, Minn.–based company also has a new website at vitalpath.com. VitalPath will exhibit at booth  No. 1714 at MD&M West,… […]
  • Dymax touts newest formulations for medtech wearables
    Dymax is using MD&M West in Anaheim, Calif. next week to tout its newest formulations for assembling medical device wearables. The Dymax materials are free from IBOA and TPO, are compatible with common and difficult substrates, and have passed ISO 10993-10 for sensitization and irritation, according to the Torrington, Conn.–based company. For manufacturers involved with… […]
  • What is a proportional isolation valve?
    A “proportional” isolation valve can bring the next level of control and design for engineers, especially in life science industries. Doug Paynter, Clippard When we talk about proportional valves, whether they are pneumatic or hydraulic, we typically refer to valves that vary their flow path when you apply an increasing or decreasing amount of power/current… […]
  • CoorsTek scores EU legal win in pink components trademark dispute
    The EU Trademark Court of Appeals in Paris recently upheld a Paris EU Trademark High Court decision that sided with CoorsTek against CeramTec in a trademark dispute over “pink” ceramic hip components. The Paris Court of Appeals in its June 2021 ruling upheld the cancelations of the three EU trademarks and the dismissal of CeramTec’s… […]
  • Abbott CMO Dr. Nick West touts latest iteration of drug-eluting stent
    Abbott executive Dr. Nick West believes the company offers the “best-in-class” drug-eluting stent with its Xience platform. When Abbott (NYSE:ABT) CMO & divisional VP of global medical affairs Dr. Nick West looks back at his use of drug-eluting stents in the early 2000s, all he sees now is innovation. As a practicing interventional cardiologist, West remembers… […]
  • Versapor® RC Membranes: The next generation of venting materials
    As the world leader in the design and production of membranes, filtration devices, and separation systems, Pall Corporation supplies products to nearly every industry in the world. Founded in 1946, Pall Corporation has set the standard for filtration solutions for 75 years and counting. Our customers have relied on us for their most sophisticated applications… […]
  • Tips to help bring your medical device from mind to market
    By Bret Ludwig, Ph.D. Senior Product Development Specialist, 3M Medical Materials & Technologies Great medical devices start with an idea—a spark. And from there, it might move to the back of a napkin or a notepad. But as development continues, the process can get trickier and more complex. In fact, turning an idea into a… […]