Philips issues another cybersecurity alert for some of its medical devices

Philips released a security alert Aug. 21 about "resource exhaustion" flaws that put some of its central patient monitoring systems at risk for denial-of-service attacks, HealthcareInfoSecurity reports.

Two days later, on Aug. 23, Becton Dickinson posted a separate alert that deals with authentication issues on certain medical syringe pumps that it sells outside the U.S.

The two devicemakers have been particularly transparent in reporting cyber vulnerabilities with their products compared with other manufacturers, some experts told HealthcareInfoSecurity. For example, about one week prior to the posting of Philips' latest alert, the company issued an alert that described vulnerabilities involving "improper privilege management" and "unquoted search path or element" in certain versions of Philips' IntelliSpace Cardiovascular cardiac image and information management software.

Ben Ransford, CEO of healthcare cybersecurity firm Virta Labs, told the publication: "I'm happy Philips has a well-functioning disclosure program. ... Philips deserve a lot of credit for leading by example."

The latest Philips alert warns users about the company's IntelliVue Information Center iX Versions B.02., a central patient monitoring system. The "resource exhaustion" or "uncontrolled resource consumption" vulnerability, identified by a user of the Philips products, could be exploited to launch a denial-of-service attack, according to the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team.

In its notice, Philips said that although the vulnerability is remotely exploitable, only hackers with a high level of skill could successfully launch an attack.

More articles on cybersecurity:

Security holes in Maryland's Medicaid system put patient data at risk, OIG finds
Most medical device cybersecurity issues attributed to user authentication, report suggests
Flaw in medical devices might allow hackers to change patient vital signs, McAfee finds

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Content

Featured Webinars

Featured Whitepapers