Six vulnerabilities have been found in GE Healthcare devices, which, if exploited, could allow hackers to make them unusable or interfere with their functionality, according to federal officials. The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency and FDA made the announcement Jan. 23.
The affected GE Healthcare devices are a few of the GE Healthcare Clinical Information Central Stations and Telemetry Servers, including the CARESCAPE Central Information Center, Apex Telemetry Server/Tower, Central Station, Telemetry Servicer, B450 patient monitor, B650 patient monitor and B850 patient monitor.
If the vulnerabilities are exploited, hackers could make changes to the software in the devices, making them unusable. Additionally, the vulnerabilities allow hackers to interfere with the device's functionality, make changes to alarm settings and expose protected health information.
Third-party cybersecurity company CyberMDX discovered the vulnerabilities. Based on the National Infrastructure Advisory Council's score for assessing the severity of computer vulnerabilities, five the six scored a 10. The other vulnerability was given an 8.5 severity score.
It's unclear about the number of devices affected on a global basis. However, the cybersecurity company estimates that hundreds of thousands of devices may be at risk.
The FDA recommends hospital segregate any networks connecting to the patient monitors as well as using firewalls, virtual private networks, network monitors or other technologies to mitigate the risk of the vulnerabilities being exploited.