Homeland Security warns that Philips DoseWise Portal has security vulnerabilities

by Thomas Dworetzky, Contributing Reporter
Philips DoseWise Portal (DWP), a web application for reporting and tracking radiation exposure, could be remotely hacked, according to Homeland Security — but a new update improves security.

In an Industrial Control System Computer Emergency Response Team (ICS-CERT) advisory the agency has advised that, “Philips has identified hard-coded credentials and cleartext storage of sensitive information vulnerabilities” in its application, and the company has announced that there is an August update of the product documentation and a new version “that mitigates these vulnerabilities.”

The versions affected are DoseWise Portal and They will be upgraded to Version – which will replace the authentication method and remove the hard-coded/fixed password vulnerabilities from the system, according to the agency.

A hacker exploiting the vulnerabilities could access the portal database, which holds patient health information.

One of the flaws is that there are hard-coded credentials for a back-end database account in the application – allowing a hacker to gain access to the back-end system. The portal also stores other login credentials in cleartext in the back-end database – thus allowing access to patient data.

To date, there is no indication that anyone has exploited this system weakness, but little skill would be required to do so, according to Homeland.

Until the update can be installed, Philips suggests the following steps be taken:

  • Make certain that network security best practices are followed

  • Block Port 1433, unless a separate SQL server is being used

This advisory can be found here.

ICS-CERT also advised that all networked medical devices and systems be reviewed to ensure they can't be attacked via the Internet, are behind firewalls, and are isolated from the institution's business networks.

If remote access is needed, it advised the use of more rigorous security, such as a VPN.

The portal's weakness to attack is just the latest hacking issue to arise in the networked medical device and software space.

Earlier in August, some Siemens PET/CT scanners were identified as vulnerable to hacking.

“Exploits that target these vulnerabilities are publicly available,” the ICS-CERT advisory noted at the time. Again, the skill level needed by a hacker would be deemed “low.”

Four vulnerabilities were identified, all linked to the fact that the products run Windows 7.

The products involved included all Windows 7-based versions of Siemens PET/CT Systems, SPECT/CT Systems, and SPECT Systems, and Siemens SPECT Workplaces/

Perhaps even more alarming, in 2016, a white-hat security expert and diabetic uncovered a flaw allowing others to manipulate insulin levels remotely in the Johnson & Johnson Animas OneTouch Ping insulin pump.

“The OneTouch Ping insulin pump system uses cleartext communications, rather than encrypted communications, in its proprietary wireless management protocol,” the security firm Rapid7 announced on its site in late September. It stated that “researcher Jay Radcliffe discovered that a remote attacker can spoof the Meter Remote and trigger unauthorized insulin injections.”
