Vulnerability found in GE anesthesia and respiratory machines

A team of security researchers found a vulnerability in two versions of GE anesthesia and respiratory machines, according to TechCrunch.

When the machines are connected to a hospital network, the vulnerability allows hackers to silence alarms, alter records and change the composition of aspirated gases.

CyberMDX disclosed the vulnerability to GE in late October 2018. GE said versions of its 7100 and 7900 Aestiva and Aespire models were affected. The company did not say how many devices were affected; however, GE does not allow gas composition modification in systems that were sold after 2009.

On July 9, Homeland Security issued an advisory that said the flaws required "low skill level" to exploit.

GE remains confident that there is not risk to patients.

"After a formal risk investigation, we have determined that this potential implementation scenario does not introduce clinical hazard or direct patient risk, and there is not vulnerability with the anesthesia device itself," a spokesperson for the company told TechCrunch. "Our assessment does not lead us to believe there are patient safety issues."

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars