Vulnerability found in GE anesthesia and respiratory machines

A team of security researchers found a vulnerability in two versions of GE anesthesia and respiratory machines, according to TechCrunch.

When the machines are connected to a hospital network, the vulnerability allows hackers to silence alarms, alter records and change the composition of aspirated gases.

CyberMDX disclosed the vulnerability to GE in late October 2018. GE said versions of its 7100 and 7900 Aestiva and Aespire models were affected. The company did not say how many devices were affected; however, GE does not allow gas composition modification in systems that were sold after 2009.

On July 9, Homeland Security issued an advisory that said the flaws required "low skill level" to exploit.

GE remains confident that there is not risk to patients.

"After a formal risk investigation, we have determined that this potential implementation scenario does not introduce clinical hazard or direct patient risk, and there is not vulnerability with the anesthesia device itself," a spokesperson for the company told TechCrunch. "Our assessment does not lead us to believe there are patient safety issues."

More articles on cybersecurity:
Hospital CFOs are stepping into cybersecurity roles
US warns against Microsoft Outlook vulnerability
Smaller health systems struggle to follow cybersecurity best practices

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months