DOTmed Home MRI Oncology Ultrasound Molecular Imaging X-Ray Cardiology Health IT Business Affairs
News Home Parts & Service Operating Room CT Women's Health Proton Therapy Endoscopy HTMs Mobile Imaging
SEARCH
Current Location:
>
> This Story


Log in or Register to rate this News Story
Forward Printable StoryPrint Comment

 

 

Health IT Homepage

Guerbet teams with Imalogix to enhance dose management Utilizes Imalogix's AI-based process and workflow solutions

Healthix adopts Verato solution for patient matching, waives HIE connection fee Largest public health information exchange in the US

Tech giants sign on to interoperability pledge Amazon, Google, IBM, Microsoft, Oracle, and Salesforce agree to common interest

Research team uncovers 20 security flaws in widely used EHR software Left data of millions worldwide vulnerable to various cyberattacks

Bringing a higher standard to standardization at AAMI Saved Care New England over $650,000, continuing standardization there

REAL Radiology acquires Argus Radiology Consultants Aligns two 100 percent radiologist owned-and-operated organizations

Daphne Jones AMN Healthcare Board appoints new independent director

Value-based care is here: How health IT can help Identify the gaps in your data and analytics and begin to raise the bar

Varian to acquire humediQ Global Bringing IDENTIFY automated workflow solution to surface-guided radiation therapy

Brian Tyler McKesson appoints president and chief operating officer

Homeland Security warns that Philips DoseWise Portal has security vulnerabilities

by Thomas Dworetzky , Contributing Reporter
Philips DoseWise Portal (DWP), a web application for reporting and tracking radiation exposure, could be remotely hacked, according to Homeland Security — but a new update improves security.

In an Industrial Control System Computer Emergency Response Team (ICS-CERT) advisory the agency has advised that, “Philips has identified hard-coded credentials and cleartext storage of sensitive information vulnerabilities” in its application, and the company has announced that there is an August update of the product documentation and a new version “that mitigates these vulnerabilities.”

Story Continues Below Advertisement

THE (LEADER) IN MEDICAL IMAGING TECHNOLOGY SINCE 1982. SALES-SERVICE-REPAIR

Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.



The versions affected are DoseWise Portal 1.1.7.333 and 2.1.1.3069. They will be upgraded to Version 2.1.2.3118 – which will replace the authentication method and remove the hard-coded/fixed password vulnerabilities from the system, according to the agency.

A hacker exploiting the vulnerabilities could access the portal database, which holds patient health information.

One of the flaws is that there are hard-coded credentials for a back-end database account in the application – allowing a hacker to gain access to the back-end system. The portal also stores other login credentials in cleartext in the back-end database – thus allowing access to patient data.

To date, there is no indication that anyone has exploited this system weakness, but little skill would be required to do so, according to Homeland.

Until the update can be installed, Philips suggests the following steps be taken:

  • Make certain of network security best practices

  • Block Port 1433, unless a separate SQL server is being used

This advisory can be found here.

ICE-CERT also advised that all networked medical devices and systems be reviewed to ensure they can't be attacked via the Internet, are behind firewalls, and isolated from the institution's business networks.

If remote access is needed, it advised the use of more rigorous security, such as a VPN.

The portal's weakness to attack is just the latest hacking issue to arise in the networked medical device and software space.

Earlier in August, some Siemens PET/CT scanners were identified as vulnerable to hacking.

“Exploits that target these vulnerabilities are publicly available,” the ICS-CERT advisory noted at the time. Again, the skill level needed by a hacker would be deemed “low.”

Four vulnerabilities were identified, all linked to the fact that the products run Windows 7.

The products involved included all Windows 7-based versions of Siemens PET/CT Systems, SPECT/CT Systems, and SPECT Systems, and Siemens SPECT Workplaces/Symbia.net.

Perhaps even more alarming, in 2016, a white-hat security expert and diabetic uncovered a flaw allowing others to manipulate insulin levels remotely in the Johnson & Johnson Animas OneTouch Ping insulin pump.

“The OneTouch Ping insulin pump system uses cleartext communications, rather than encrypted communications, in its proprietary wireless management protocol,” the security firm Rapid7 announced on its site in late September. It stated that “researcher Jay Radcliffe discovered that a remote attacker can spoof the Meter Remote and trigger unauthorized insulin injections.”

Health IT Homepage


You Must Be Logged In To Post A Comment

Advertise
Increase Your
Brand Awareness
Auctions + Private Sales
Get The
Best Price
Buy Equipment/Parts
Find The
Lowest Price
Daily News
Read The
Latest News
Directory
Browse All
DOTmed Users
Ethics on DOTmed
View Our
Ethics Program
Gold Parts Vendor Program
Receive PH
Requests
Gold Service Dealer Program
Receive RFP/PS
Requests
Healthcare Providers
See all
HCP Tools
Jobs/Training
Find/Fill
A Job
Parts Hunter +EasyPay
Get Parts
Quotes
Recently Certified
View Recently
Certified Users
Recently Rated
View Recently
Certified Users
Rental Central
Rent Equipment
For Less
Sell Equipment/Parts
Get The
Most Money
Service Technicians Forum
Find Help
And Advice
Simple RFP
Get Equipment
Quotes
Virtual Trade Show
Find Service
For Equipment
Access and use of this site is subject to the terms and conditions of our LEGAL NOTICE & PRIVACY NOTICE
Property of and Proprietary to DOTmed.com, Inc. Copyright ©2001-2018 DOTmed.com, Inc.
ALL RIGHTS RESERVED