The company issued an advisory July 30 regarding the medium-severity vulnerability, which affects Versions 2.24x and prior. The DreamMapper software is a personalized therapy adherence tool for sleep apnea patients but the vulnerability does not impact patient safety.
The issue would require a low skill level to exploit, which would allow unauthorized access to log file information containing descriptive error messages. The company has not received any reports that the vulnerability has been exploited to date.
Philips is planning a new DreamMapper release for June 30, 2021, to remediate the vulnerability.
More articles on cybersecurity:
January Beaumont email hack affected 6,000 patients: 4 details
NY hospital reverts to pen & paper after online breach: 4 details
Lifespan pays over $1M to settle HIPAA charge
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
