The Department of Homeland Security issued a statement Oct. 24 that a flaw in the Philips IntelliSpace Perinatal management system was easily exploited, allowing unauthorized users to gain control of the device.
If the vulnerability was exploited successfully, a hacker could access the system resources, including to execute software or to view files, directories or system configuration. If clinicians have installed document export functions on the management systems, hackers could also gain access to patients' protected health information because of the vulnerability.
The flaw within the IntelliSpace Perinatal application can be exploited remotely.
Philips has been notified of the vulnerability and has made updates. The company recommends users operate all deployed and supported Philips IntelliSpace Perinatal products within Philips authorized specifications.
Because the management system runs with Windows software, Philips says users should always lock Windows when not actively using the device. Additionally, users should configure local and network firewalls to prevent unauthorized access.
Philips is assessing options for remediation in the next minor product update.