FDA is raising awareness among health care providers and facility staff that cybersecurity vulnerabilities in certain GE Healthcare Clinical Information Central Stations and Telemetry Servers may introduce risks to patients while being monitored. Per the FDA notice:
“A security firm has identified several vulnerabilities in certain GE Healthcare Clinical Information Center workstations and Telemetry Servers, that may allow an attacker to remotely take control of the medical device and to silence alarms, generate false alarms and interfere with the function of patient monitors connected to these devices.
These devices are used mostly in healthcare facilities for displaying patient information, such as the physiologic parameters (such as temperature, heartbeat, blood pressure) of a patient, and monitoring patient status from a central location in a facility, such as a nurse’s workstation. To date, the FDA is not aware of any adverse events related to these vulnerabilities.
These vulnerabilities might allow an attack to happen undetected and without user interaction. Because an attack may be interpreted by the affected device as normal network communications, it may remain invisible to existing security measures.”
Read more about cybersecurity vulnerabilities with the GE Healthcare Clinical Information System at the FDA Safety Communication link: http://s2027422842.t.en25.com/e/er?utm_campaign=2020-01-23%20CDRH%20Safety%20Comm%20–%20Cybersecurity%20Vulnerabilities%20-%20GE%20Healthcare&utm_medium=email&utm_source=Eloqua&s=2027422842&lid=11423&elqTrackId=350B6FE7F1138908671E66C02729063B&elq=5c0ea9105d074030a646873da7c39a4a&elqaid=10981&elqat=1
Related post: The FDA’s Role in Medical Device Cybersecurity