-CVE-2018-6021 (GE MobileLink/GEH-SD-320AN) – Silex Technology and GE Healthcare have made updated firmware for the GEH-SD-320AN, which will be available May 31, 2018, for download.

These flaws are cropping up with more frequency as devices become evermore connected in healthcare settings.

In March, ICS-CERT issued hacking warnings for Philips iSite and IntelliSpace PACS medical imaging archiving communications systems and the Alice 6 polysomnography system, citing hacking weaknesses that are “predominantly in third-party components,” the agency stated, adding that “Philips is providing users a number of potential options to remediate these identified vulnerabilities.”

Also in March, another alert warned of default or hardcoded password issues that could impact a number of GE Healthcare devices, including its Optima, Discovery, Revolution, Centricity, THUNIS, eNTEGRA, CADStream, GEMNet, Infinia, Millenium, Precision MP/i, and Xeleris.

At that time GE reviewed “the capability to change passwords identified by the researcher within the product documentation", according to the ICS-CERT alert, "and users are advised to contact GE Service for assistance in changing passwords."

That advisory also noted that there are some updates from GE to address the default or hardcoded credentials, but not for the Optima 680, Revolution XQ/i, and THUNIS-800+ systems.

The problem has mushroomed in recent years. In the past two years, alone, the U.S. Department of Health and Human Services Office of Civil Rights has publicly posted reports of security breaches from almost 400 healthcare providers, payers or life science organizations, according to ClearDATA's Chris Bowen.

Back to HCB News

Health IT Homepage