Security News

More than 100 medical devices made by GE Healthcare are affected by a potentially serious vulnerability that could allow an attacker to access or modify protected health information, medical cybersecurity company CyberMDX reported on Tuesday. The vulnerability, which is tracked as CVE-2020-25179 with a critical severity rating, has been found to impact CT scan, molecular imaging, PET, X-Ray, ultrasound and mammography devices, as well as workstations and imaging devices used in surgery.

A pair of critical vulnerabilities have been discovered in dozens of GE Healthcare radiological devices popular in hospitals, which could allow an attacker to gain access to sensitive personal health information, alter data and even shut the machine's availability down. GE has confirmed the vulnerability, which impacts the radiological devices as well as certain workstations and imaging devices used in surgery, according to the CyberMDX alert.

A vulnerability in GE Healthcare's proprietary management software used for medical imaging devices could put patients' health privacy at risk. GE's closed source management software runs on top of the Unix-based operating system installed on medical imaging systems to enable remote maintenance and update procedures.

A phisher's treasure chest of personally identifiable information for General Electric employees has been exposed - thanks to the compromise of one of the company's partners, Canon Business Process Services. The impact of the breach effects current and former GE employees and beneficiaries entitled to benefits, the conglomerate said.

General Electric revealed last week that the personal information of some employees may have been compromised as a result of a data breach suffered by Canon Business Process Services. In a data breach notification sent to affected individuals and submitted to the California Attorney General, GE said an unauthorized party gained access to a Canon email account containing documents belonging to some of its employees.

Federal regulators are warning healthcare providers about six vulnerabilities in some of GE Healthcare's medical device systems that could allow attackers to remotely take control of the gear. The GE Healthcare product vulnerabilities are the latest example of the medical device cybersecurity challenges the healthcare sector faces.

Researchers have discovered six critical and high-risk vulnerabilities - collectively dubbed MDhex - affecting a number of patient monitoring devices manufactured by GE Healthcare. The flaws may, according to GE Healthcare, allow an attacker to make changes at the device's OS level that may render the device unusable or interfere with its function, make changes to alarm settings on connected patient monitors, and utilize services used for remote viewing and control of multiple devices on the network to access the clinical user interface and make changes to device settings and alarm limits, which could lead to missed, unnecessary, or silenced alarms.

Several potentially serious vulnerabilities have been found in patient monitoring products made by GE Healthcare, the DHS's Cybersecurity and Infrastructure Security Agency and healthcare cybersecurity firm CyberMDX revealed on Thursday. GE Healthcare has also inadvertently exposed SSH private keys, making it possible for hackers to remotely connect to devices and execute malicious code.

A PR and marketing provider exposed sensitive data for a raft of big-name companies.

If you need to reset the software in your GE smart light bulb -- firmware version 2.8 or later -- just follow these easy instructions: Start with your bulb off for at least 5 seconds. Turn on for...