by
Thomas Dworetzky, Contributing Reporter | April 09, 2018
The software vulnerabilities in health care equipment keep coming.
Now the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an advisory concerning Philips iSite and IntelliSpace PACS medical imaging archiving communications systems and the Alice 6 polysomnography system.
The hacking weaknesses are “predominantly in third-party components,” ICS-CERT stated in its March 29 advisory, adding that “Philips is providing users a number of potential options to remediate these identified vulnerabilities.
Ad Statistics
Times Displayed: 56197
Times Visited: 1643 Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.
The flaws in the systems could let a hacker “compromise patient confidentiality, system integrity, and/or system availability,” said the agency. In addition, they could be exploited remotely by someone with a “low skill level.”
The vulnerabilities would let hackers execute code, change the control flow of the system, get hold of sensitive data and even crash the system.
Philips has responded that it is addressing the IntelliSpace issues, but at present, it “has received no reports of patient harm." Nor has its analysis revealed an issue that would “impact clinical use, due to mitigating controls currently in place. To date, Philips has received no complaints involving clinical use that we have been able to associate with this problem.”
For the Alice 6 System, the company has “identified hard-coded credentials and clear text storage and transmission of patient personal health information vulnerabilities,” it stated, adding that it has “updated product documentation and will release a new version that mitigates these vulnerabilities.”
To address these new issues at present, Philips recommended three no-charge options that users could select, including:
Simplest: enroll in the Philips recurring patching program, which will remediate 86 percent of all known vulnerabilities.
More robust: enroll in the company's patching program and update system firmware. This ups the remediation rate to 87 percent of all known vulnerabilities including all known critical vulnerabilities.
Maximum protection: The first two options, plus an update of upgrading to IntelliSpace PACS 4.4.55x with Windows operating system 2012, which addresses product hardening. This raises remediation rates to 99.9 percent of all the known vulnerabilities, including all critical vulnerabilities.
Vulnerabilities to hacking are an ongoing challenge to the health care industry. Also, in March, for example,
some GE imaging systems were found by Homeland Security to be open to exploitation.
