The Department of Homeland Security issued a medical advisory related to the Philips HealthSuite Health Android App, an application that enables users to view and track body measurements, including heart rate and sleep.
The advisory relates to a detected vulnerability that "may allow an attacker with physical access to impact confidentiality and integrity of the product." The vulnerability is that the software uses simple encryption that is not strong enough for the level of protection required.
A security researcher reported this vulnerability to Philips, and the company has also issued a product security advisory stating, "this vulnerability will be addressed by a new software release scheduled for [the first quarter of] 2019."
Additionally, Philips noted it has not received reports of exploitation of this vulnerability or of clinical use incidents associated with the vulnerability.