Security News > 2020 > December > Critical, Unpatched Bugs Open GE Radiological Devices to Remote Code Execution

A pair of critical vulnerabilities have been discovered in dozens of GE Healthcare radiological devices popular in hospitals, which could allow an attacker to gain access to sensitive personal health information, alter data and even shut the machine's availability down.

GE has confirmed the vulnerability, which impacts the radiological devices as well as certain workstations and imaging devices used in surgery, according to the CyberMDX alert.

In the meantime, administrators should contact GE Healthcare and request a credentials change on all affected devices in a facility.

In January, CyberMDX disclosed a collection of six cybersecurity vulnerabilities in a range of GE Healthcare devices for hospitals.

"Over the past few months we've seen a steady rise in the targeting of medical devices and networks, and the medical industry is unfortunately learning the hard way the consequences of previous oversights," said Elad Luz, head of research at CyberMDX. "Protecting medical devices so that hospitals can ensure quality care is of utmost importance. We must continue to eliminate easy access points for hackers and ensure the highest level of patient safety is upheld across all medical facilities."

News URL

https://threatpost.com/critical-unpatched-bug-ge-radiological-devices/162012/