Four things to know:
1. The company’s advisory states that Philips IntelliBridge Enterprise software has unencrypted user credentials stored in transaction logs. The vulnerability affects the Versions B.12 and prior.
2. The vulnerability would allow existing administrators or high-privileged system users access to credentials for the hospital’s clinical information systems. IntelliBridge Enterprise provides HL7 interface interoperability between Philips products and hospitals’ clinical information systems or EHRs.
3. The issue requires a high skill level to exploit, and Philips said it has not received reports that the vulnerability has been exploited.
4. Philips said it plans a new release by the end of 2020 that remediates the issue by not logging the plain text user credentials in the log file.In the meantime, Philips recommends that transaction logs be made only accessible with administrative privileges.
More articles on cybersecurity:
University of Utah Health reports employee emails hacked: 5 details
Castro Valley Health inadvertently sends patient info to third-party website: 4 notes
Lawsuit alleges health system maintained PHI ‘in a reckless manner’ ahead of breach
