Vulnerabilities found in Philips cardiovascular imaging devices

by Thomas Dworetzky, Contributing Reporter | August 27, 2018

“Philips recognizes that the security of our healthcare, personal health, and home consumer products and services are business-critical for our customers,” the company stated. “Philips has taken the lead in creating a Coordinated Vulnerability Disclosure policy, to collaborate with customers, security researchers, regulators and other agencies to help proactively identify, address and disclose potential vulnerabilities in a safe and effective manner.”

In April, advisories were announced concerning Philips iSite and IntelliSpace, and the Alice 6 polysomnography system.

Your Trusted Source for Sony Medical Displays, Printers & More!

Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.

The flaws in the systems could let a hacker “compromise patient confidentiality, system integrity, and/or system availability,” said the agency in its notice.

For the Alice 6 System, the company has “identified hard-coded credentials and clear text storage and transmission of patient personal health information vulnerabilities,” it stated, adding that it has “updated product documentation and will release a new version that mitigates these vulnerabilities.”

To address these issues, at the time, Philips advised three no-charge options that users could select, including:

– Simplest: enroll in the Philips recurring patching program, which will remedy 86 percent of all known vulnerabilities.

– More robust: enroll in the company's patching program and update system firmware. This ups the remediation rate to 87 percent of all known vulnerabilities including all known critical vulnerabilities.

– Maximum protection: The first two options, plus an update of upgrading to IntelliSpace PACS 4.4.55x with Windows operating system 2012, which addresses product hardening. This raises remediation rates to 99.9 percent of all the known vulnerabilities, including all critical vulnerabilities.

Vulnerabilities to hacking are an ongoing challenge to the health care industry. Also in March, for example, some GE imaging systems were found by Homeland Security to be open to exploitation.

The GE problems centered on the use of default or hard-coded credentials.

Back to HCB News



You Must Be Logged In To Post A Comment Sign In If you've already created an account, use your email address and password to sign in using the form below. Login Problems: Click here if you are having login issues. Email address: Password: Forgot your password? Login Problems? View our Legal Notice and Privacy Notice Register Registration is Free and Easy. Enjoy the benefits of The World's Leading New & Used Medical Equipment Marketplace. Register Now!