The challenges of cyber research and vulnerability disclosure for connected healthcare devices

As Head of Research at CyberMDX, Elad Luz gathers and analyzes information on a variety of connected healthcare devices in order to improve the techniques used to protect them and/or report about their security issues to vendors. The research includes …

MDhex vulnerabilities open GE Healthcare patient monitoring devices to attackers

Researchers have discovered six critical and high-risk vulnerabilities – collectively dubbed MDhex – affecting a number of patient monitoring devices manufactured by GE Healthcare. The flaws may, according to GE Healthcare, allow an attacke…

DHS pushes alert on vulnerable patient monitors sold by GE Healthcare

The U.S. Department of Homeland Security’s cybersecurity outfit on Thursday issued an alert about six flaws in popular health care devices that could affect device functionality, expose patients’ health information or create other vulnerabilities. DHS’ Cybersecurity and Infrastructure Security Agency detailed the six vulnerabilities, known collectively as “MDhex,” lurking in medical technology manufactured by GE Healthcare. The issues exist in GE’s line of CARESCAPE patient monitors, including some versions of the Central Information Center product, the Apex Telemetry Server/Tower, the Central Station, a Telemetry Server and three monitor products (the B450, B650 and B850) that display vital patient information to hospital professionals. No known public exploits specifically target these vulnerabilities, CISA said in its alert. Five of the vulnerabilities were assigned a severity score of 10 on a scale of 1-10, while the sixth was rated an 8.5 on the National Infrastructure Advisory Council’s system. GE Healthcare is “developing software […]

The post DHS pushes alert on vulnerable patient monitors sold by GE Healthcare appeared first on CyberScoop.

Healthcare’s blind spot: Unmanaged IoT and medical devices

From imaging to monitoring systems, infusion pumps to therapeutic lasers and life support machines, medical devices are used to improve and streamline patient care. Many of these are networked and they can be found everywhere in today’s hospitals. Depe…

Vulnerable GE anesthesia machines can be manipulated by attackers

A vulnerability affecting several anesthesia and respiratory devices manufactured by General Electric (GE) Healthcare could allow attackers to manipulate the devices’ settings and silence alarms, CyberMDX researchers have found. About the vulnera…

Researchers warn of critical vulnerability in GE anesthesia machines

A flaw in the firmware of anesthesia and respiratory devices made by General Electric could allow a hacker to change the composition of gases dispensed by the equipment, putting patients at risk, cybersecurity researchers warned Tuesday. “If exploited, this vulnerability could directly impact the confidentiality, integrity and availability of device components,” CyberMDX, the health care security company that discovered the issue, said in a statement. For the vulnerability to be exploited, a hacker would need access to a hospital’s network and for the machines to be connected to a terminal server, or one that allows enterprises to connect to multiple systems, according to CyberMDX. But with that access, an attacker could not only alter gas composition, the researchers said, but also silence alarms on the equipment and change dates and timestamps that document a patient’s surgery. “Once the integrity of time and date settings has been compromised, you no longer […]

The post Researchers warn of critical vulnerability in GE anesthesia machines appeared first on CyberScoop.

Vulnerabilities allow attackers to take over infusion pumps

Two vulnerabilities in Windows CE-powered Alaris Gateway Workstations (AWGs), which provide support for widely used infusion pumps, could allow remote attackers to disable the device, install malware, report false information, and even instruct the pum…

Medical infusion-pump system has two bugs, researchers say

Researchers have found two vulnerabilities in a type of infusion-pump system, which hospitals used to administer medication, that they say could allow a hacker to disable the device, infect it with malware, or create false readings. The vulnerabilities are in a pump system known as the Alaris Gateway Workstation made by Becton, Dickinson and Company (BD), a New Jersey-based medical equipment vendor. “In extreme cases, the attacker could even communicate directly with pumps connected to the gateway to alter drug dosages and infusion rates,” researchers from CyberMDX, a medical-device security company that found the flaws, said in a press release Thursday. The more severe vulnerability is in the workstation’s firmware and could allow an attacker to “brick” the workstation, rendering it useless unless it is returned to the manufacturer for repair. The other vulnerability could let a hacker alter the workstation’s network configuration and monitor the pump’s status. Firmware updates issued […]

The post Medical infusion-pump system has two bugs, researchers say appeared first on CyberScoop.
