The U.S. Food and Drug Administration (FDA) has issued a warning regarding susceptibility to hacking attacks on GE Healthcare Systems (GEHC) medical devices. The risks include telemetry devices and clinical information stations.
Devices vulnerable to cyberattack
Susceptibility to hacking attacks was detected in ApexPro and CARESCAPE devices, as well as in the first version of CIC Pro Clinical. This equipment is used in medical facilities and is used to monitor patients’ condition such as heart rate or blood pressure. Monitoring in these devices can be carried out both at the patient’s bedside and remotely within the information centre.
System vulnerabilities may allow potential attackers to gain access remotely and silence alarm signals emitted by devices. They can also generate false alarms and modify settings of other devices connected within one network. It is also possible to obtain legally protected medical data and modify devices to make them useless in practice.
Protection against hackers
GE Healthcare Systems has taken steps to prevent attacks. The manufacturer has published instructions on its website to minimize risk and announced the release of a software security update.
However, there are currently no reports of hackers exploiting the vulnerability of GEHC hardware devices.