Tell Us About Your IoT/Collaboration Meeting Room Plans for 2021 & You Could Win a 60" Display! 
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • COVID-19 Update
  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Downloads
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, News

Some GE Medical Devices Could Expose Patient Data, Researchers Say

Vulnerable GE medical devices are used for CT scans, MRIs, mammograms, ultrasounds and positron emission tomography, and may risk patient data.

December 10, 2020 Guest Authors Leave a Comment

GE medical devices

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to hospitals about dozens of GE medical devices, including imaging and ultrasound products.

According to CISA, an authentication flaw in them poses a serious risk to protected health information.

“A successful exploitation could expose sensitive data such as a limited set of patient health information (PHI) or could allow the attacker to run arbitrary code, which might impact the availability of the system and allow manipulation of PHI,” the warning said.

The flaw was discovered by CyberMDX. According to TechCrunch.com, more than 100 of GE’s devices have hardcoded default passwords that aren’t easy to change. The devices are used for CT scans, MRIs, mammograms, ultrasounds and positron emission tomography, reports ArsTechnica.com. They use default passwords to receive regular maintenance, and the passwords are on the Internet.

Related: FeverWarn Self Service Temperature Scan Solution for Schools, Hospitals

Cyber MDX says attackers only need to be on the same network to exploit a vulnerable device. Attackers can get on a network by tricking authorized users into opening an email with malware, reports Tech Crunch.

Although the default passwords can be changed, they must be changed by a GE engineer who is onsite.

“The profound potential impact of these vulnerabilities coupled with the relative ease of exploitation is what makes them so critical in score,” said an advisory from Cyber MDX.

“Immediately upon discovering the flaw in May 2020, CyberMDX has contacted GE Healthcare to report the issue and both organizations are working together to resolve it.”

The list of affected products can be found here.

CISA says that GE has identified mitigations for specific products and releases and “will take proactive measures to ensure proper configuration of the product firewall protection and change default passwords on impacted devices where possible.

GE recommends users refer to the GE Healthcare Product Security Portal for more details on mitigations and how proactive actions may apply to affected devices.”

GE also recommends the following leading practices:

  • Ensure proper segmentation of the local hospital/clinical network and create explicit access rules based on source/destination IP/port for all connections, including those used for remote support. Specific ports to consider may include those used for TELNET, FTP, REXEC, and SSH
  • Utilize IPSec VPN and explicit access rules at the Internet edge before forwarding incoming connections to the local hospital/clinical network.

CISA also reminded organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

This post premiered on our sister site, Campus Safety.

Related Content:

  • Microsoft SolarWinds Microsoft Explains How The SolarWinds Attacks Were Able…
  • Chris Krebs CISA fired, CISA Ransomware Campaign CISA Launches Ransomware Awareness Campaign
  • Viking Electronics PA-250-IP SIP/Multicast IP Amplifier provides loud VoIP phone systems New Viking High-Powered Amplifier Made for Unicast, Multicast…
  • Avocor Aquarius WorkSpace Intelligence, Meeting Room Data Analytics platform Avocor WorkSpace Intelligence Meeting Room Data Analytics Service

Free downloadable guide you may like:

  • Top 9 Reasons Enterprise IT Leaders Are Moving Their Video Surveillance to the Eagle Eye Cloud

    Working in IT has enough challenges without adding in the complications of surveillance video. Things like total cost of maintenance, how the VMA manages bandwidth, what cameras are supported, what level of cybersecurity is provided, and what integrations are available to use are important factors IT managers have to think about when assessing a video […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

9 Technology Products to Help Combat COVID-19 Spread in the Workplace

As the Coronavirus continues on and leads us further into uncertainty, the question remains, “when do we return to the office?” For some the answer...

Top 9 Reasons Enterprise IT Leaders Are Moving Their Video Surveillance to the Eagle Eye Cloud

Working in IT has enough challenges without adding in the complications of surveillance video. Things like total cost of maintenance, how the VMA m...

Using Live Chats and Chatbots to Increase Customer Engagement

There's a lot to consider when building out a chatbot experience to ensure that it delivers a seamless experience and meet your business goals.

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Terms of Use
  • Privacy Policy
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!

© 2021 Emerald X, LLC. All rights reserved.