by
Thomas Dworetzky, Contributing Reporter | April 09, 2018
The GE problems centered on the use of default or hardcoded credentials.
According to the alert a possibly "successful exploitation of this vulnerability” could let remote hackers get around authentication “and gain access to the affected devices."
Ad Statistics
Times Displayed: 45539
Times Visited: 1299 Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.
Such a hack could pose big risks. Phil Curran, chief information assurance officer and chief privacy officer at Cooper University Health Care in Camden, New Jersey, told the site Gov Info Security of the ISMG Network that, "depending on what function the user ID/password provides within the code, the range goes from affecting how the device operates – a patient safety issue – to changing data integrity, to complete shutdown, to accessing patient information."
GE reviewed “the capability to change passwords identified by the researcher within the product documentation,” according to the ICS-CERT alert, "and users are advised to contact GE Service for assistance in changing passwords."
The advisory also stated that a number of GE Healthcare devices are potentially impacted, including its Optima, Discovery, Revolution, Centricity, THUNIS, eNTEGRA, CADStream, GEMNet, Infinia, Millenium, Precision MP/i, and Xeleris lines.
GE Healthcare stated to DHS's Industrial Control Systems Cyber Emergency Response Team that “We are working closely with customers to implement best practices for security, and supporting requests for assistance in changing passwords."
Back to HCB News
