Philips released a security alert Aug. 21 about "resource exhaustion" flaws that put some of its central patient monitoring systems at risk for denial-of-service attacks, HealthcareInfoSecurity reports.
Two days later, on Aug. 23, Becton Dickinson posted a separate alert that deals with authentication issues on certain medical syringe pumps that it sells outside the U.S.
The two device makers have been particularly transparent in reporting cyber vulnerabilities in their products compared with other manufacturers, some experts told HealthcareInfoSecurity. For example, about one week prior to the posting of Philips' latest alert, the company issued an alert that described vulnerabilities involving "improper privilege management" and "unquoted search path or element" in certain versions of Philips' IntelliSpace Cardiovascular cardiac image and information management software.
Ben Ransford, CEO of healthcare cybersecurity firm Virta Labs, told the publication: "I'm happy Philips has a well-functioning disclosure program. ... Philips deserve a lot of credit for leading by example."
The latest Philips alert warns users about the company's IntelliVue Information Center iX Versions B.02., a central patient monitoring system. The "resource exhaustion" or "uncontrolled resource consumption" vulnerability, identified by a user of the Philips products, could be exploited to launch a denial-of-service attack, according to the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team.
In its notice, Philips said that although the vulnerability is remotely exploitable, only hackers with a high level of skill could successfully launch an attack.