FDA/CDC

FDA: Cybersecurity vulnerabilities identified in GE Healthcare monitoring devices


 

The Food and Drug Administration has issued a warning that certain GE Healthcare Clinical Information Central Stations and Telemetry Servers have cybersecurity vulnerabilities that may introduce risk to monitored patients.

FDA icon Wikimedia Commons/FitzColinGerald/ Creative Commons License

A security firm identified several vulnerabilities in the GE devices that allow attackers to remotely take control of the medical device, silence alarms, generate false alarms, and interfere with alarms of patient monitors connected to these devices, according to an “Urgent Medical Device Correction” letter issued by GE Healthcare in November 2019.

The affected devices are the ApexPro Telemetry Server and CARESCAPE Telemetry Server, the CARESCAPE Central Station (CSCS) version 1, and the CIC Pro Clinical Information Center Central Station version 1. These devices are used in health care facilities for displaying information, such as the patient’s physiological parameters, and for monitoring patient status from a central location in a facility.

No adverse events related to the vulnerabilities have been reported to the FDA. Health care facility staff should update their devices when GE Healthcare issues a software patch that addresses the vulnerability, separate the network connecting patient monitors using affected devices from the rest of the hospital, and use firewalls and other means to minimize the risk of remote or local network attacks.

“The FDA takes reports of cybersecurity vulnerabilities in medical devices seriously and will continue to work with GE Healthcare as the firm develops software patches to correct these vulnerabilities as soon as possible. The FDA will continue to assess new information concerning the vulnerabilities and will keep the public informed if significant new information becomes available,” the FDA said in the Safety Communication.

Recommended Reading

Air pollution levels correlated with cardiorespiratory mortality, reduced life expectancy
Journal of Clinical Outcomes Management
Study: Cardiac biomarkers predicted CV events in CAP
Journal of Clinical Outcomes Management
HCV coinfection adds to cardiovascular risk in HIV-infected patients
Journal of Clinical Outcomes Management
Early post-ACS bleeding may signal cancer
Journal of Clinical Outcomes Management
Cardiotoxicity after checkpoint inhibitor treatment seen early, linked to elevated biomarkers
Journal of Clinical Outcomes Management
Getting high heightens stroke, arrhythmia risks
Journal of Clinical Outcomes Management
CVD risk in black SLE patients 18 times higher than in whites
Journal of Clinical Outcomes Management
Large population-based study underscores link between gout, CVD event risk
Journal of Clinical Outcomes Management
Cardiovascular risks associated with cannabis use
Journal of Clinical Outcomes Management
Why STEMI patients benefit from PCI of nonculprit lesions
Journal of Clinical Outcomes Management