Four details:
1. The advisory notes multiple products, including GE Healthcare’s cardiovascular and women’s health ultrasounds, X-ray and CT technology, have vulnerabilities that hackers with a low skill level could exploit remotely.
2. Noted vulnerabilities allow for unprotected credentials transportation and exposure of sensitive system information. Hackers who gains access to a healthcare delivery organization’s network could exploit these vulnerabilities to gain remote access to the devices with service user privileges.
3. The hackers could breach patient health information or run arbitrary code which could affect the system’s availability and allow them to manipulate protected health information.
4. GE said it will take proactive measures to ensure the product firewalls are properly configured and change default passwords on affected devices where possible. The company recommended health systems ensure proper segmentation of the local hospital or clinic network and create explicit access rules to protect devices.
More articles on health IT:
Over half of US households used the internet for health activities in 2019, survey finds
Cerner inks clinical trials partnership to make data tools available to health systems
HHS makes COVID-19 hospital-level data available for 1st time
