Medical
Vendors

CyberMDX Discovers GE Medical Device Vulnerabilities

January 23, 2020
CyberMDX

Researchers at CyberMDX discovered multiple security vulnerabilities present in GE CARESCAPE Patient Monitors, ApexPro, and Clinical Information Center (CIC) systems.

The vulnerabilities were first reported on September 18, 2019. In the ensuing months, CyberMDX, GE, and CISA collaborated to confirm the vulnerabilities, audit their technical details, evaluate the associated risk, and work through the responsible disclosure process.

The vulnerabilities could potentially allow an attacker to make modifications at the software level of the device, with possible ramifications including rendering the device unusable, interfering with device functionality, certain changes to alarm settings, and exposure of PHI.

CyberMDX Head of Research, Elad Luz, commented, “Our goal is to bring these issues to the attention of healthcare providers so that they can be quickly addressed — contributing to safer, more secure hospitals. As such, every disclosure is another step in the right direction. The speed, responsiveness, and seriousness with which GE treated this matter is very encouraging. At the same time, there remains work to be done and we are eager to see GE issue security patches for these vital devices.”

Full PR Here

Vidya Lakshmi
IndustrialCyber Editor & Features Vidya is a freelance journalist with over 10 years of experience in business journalism. She started her career reporting on U.S. equities markets and later moved to niche financial news. She developed an interest in ICS cybersecurity after researching some incidents and reading about it online.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Waterfall’s WF-600 unidirectional security gateway brings 'unbreachable protection' to OT/ICS networks
Waterfall, 2TS enter into cybersecurity alliance for African market
Radiflow helps customers achieve NIS2 compliance, spurring growth in Europe
Radiflow, Exclusive Networks partner to elevate OT cybersecurity
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
Salvador
Salvador secures investment from Deutsche Telekom to expand cyber-attack recovery platform
SecurityGate
SecurityGate announces general availability of ISA/IEC 62443-2-1 workflow in its platform
Waterfall’s WF-600 unidirectional security gateway brings 'unbreachable protection' to OT/ICS networks
Waterfall Security and AXYS partner to deliver OT protection for data centers
OTORIO Launches Risk Assessment Technology for OT Security with Integrated Advanced Attack Graph Analysis
OTORIO integrates with ServiceNow to boost operational cybersecurity and efficiency