What you need to know about the latest Philips, Silex and GE hack vulnerabilities

by Thomas Dworetzky, Contributing Reporter
The U.S. Department of Homeland Security ICS-CERT has issued cyber vulnerability advisories for the Philips Brilliance CT system, and the Silex Technology SX-500/SD-320AN and GE Healthcare MobileLink.

Many of the weak spots are familiar and take relatively little skill to exploit: they could let a hacker raise his or her privileges to an elevated user level, enabling access to other parts of the system, and possibly even entry to the larger network using hard-coded credentials for authentication.

Philips had been working on the issue, which it said in its statement involved the following systems:

• Brilliance 64 version 2.6.2 and below
• Brilliance iCT versions 4.1.6 and below
• Brilliance iCT SP versions 3.2.4 and below
• Brilliance CT Big Bore 2.3.5 and below

Philips confirmed the flaw, advising that the vulnerability is not exploitable remotely, noting that “an attacker would need local access to the kiosk environment of the medical device to be able to implement the exploit.”

So far, there are no reports of a hack using this vulnerability in the real world.

Philips has also fixed the hardcoded credentials vulnerabilities “for all Brilliance iCT 4.x and above versions,” it stated.

Going forward, the company advises that users set products up “within specifications,” especially software and security settings.

It also suggested more broadly that sites “implement a comprehensive, multilayered strategy to protect their systems from internal and external security threats, including restricting physical access of the scanner to only authorized personnel.”

The second Homeland advisory concerned the Silex Technology SX-500/SD-320AN and GE Healthcare MobileLink.

Again, the hacking skill level required is low, but in this case the hack can be done remotely.

One flaw would let unauthorized hackers change system settings because of a verification problem in the software. Another flaw lies in the way memory is “cleaned,” which could permit code to be planted by a hacker and then executed.

After researcher Eric Evenchick of Atredis Partners brought these problems to the attention of the companies, the vulnerabilities were fixed, he reported to Homeland.

Updates are available with these fixes, and Silex Technology and GE Healthcare recommend that their users take the following steps:

• CVE-2018-6020 (GE MobileLink/SX-500): Enable the “update” account within the web interface, which is not enabled by default. Set the secondary password for the “update” account to prevent unauthenticated changes to the device configuration.