Security News > 2020 > January > Vulnerabilities Found in GE Healthcare Patient Monitoring Products
Several potentially serious vulnerabilities have been found in patient monitoring products made by GE Healthcare, the DHS's Cybersecurity and Infrastructure Security Agency and healthcare cybersecurity firm CyberMDX revealed on Thursday.
GE Healthcare has also inadvertently exposed SSH private keys, making it possible for hackers to remotely connect to devices and execute malicious code.
GE Healthcare is working on developing patches for these vulnerabilities and the updates, which will contain additional security enhancements as well, should become available in the second quarter of 2020.
The company is not aware of any incidents involving these vulnerabilities and it has pointed out that monitoring devices contain minimal PHI, such as name and basic vitals, but not databases of stored information.
Even this minimal data is only stored on monitoring devices for a brief period - depending on the device and its configuration - and in most cases it should be deleted when the patient is discharged.