Security News > 2020 > January > Vulnerabilities Found in Some GE Healthcare Devices

Federal regulators are warning healthcare providers about six vulnerabilities in some of GE Healthcare's medical device systems that could allow attackers to remotely take control of the gear.

The GE Healthcare product vulnerabilities are the latest example of the medical device cybersecurity challenges the healthcare sector faces.

"If we look at the general cyber news reporting on the rise of botnets, some of these have been attributed to susceptible IoT devices. Medical devices are a unique subset of IoT and vulnerabilities in IoT and medical devices will continue now and the foreseeable future."

In a statement, CyberMDX says five out of the six vulnerabilities have been rated a maximum 10/10 severity, while the final vulnerability has been graded as a high severity vulnerability with a score of 8.5/10. The affected GE Healthcare equipment includes the Carescape Telemetry Server, ApexPro Telemetry Server, Carescape Central Station and Clinical Information Center systems, Carescape B450, B650, B850 monitors.

In a statement, GE Healthcare tells Information Security Media Group: "We are instructing the facilities where these devices are located to follow network management best practices and are developing a software patch with additional security enhancements. We are not aware of any incidents where these vulnerabilities have been exploited in a clinical situation."

News URL

https://www.inforisktoday.com/vulnerabilities-found-in-some-ge-healthcare-devices-a-13647