Sunday, September 20, 01:16

Danger to patients! Vulnerabilities affect GE Healthcare devices

The research team at CyberMDX, a company specializing in the security of healthcare organizations, has revealed six vulnerabilities, collectively called MDhex, that affect seven GE Healthcare devices used to monitor patients' condition.

These devices are placed near patients' beds, collect medical data and send it to a server. The server is monitored by doctors and nursing staff. According to CyberMDX researchers, the vulnerable GE Healthcare devices are:

  • Central Information Center (CIC), versions 4.x and 5.x
  • CARESCAPE Central Station (CSCS), versions 1.x and 2.x
  • CARESCAPE Telemetry Server, versions 4.3, 4.2 and above
  • Apex Pro Telemetry Server / Tower, versions 4.2 and above
  • B450 patient monitor, version 2.x
  • B650 patient monitor, versions 1.x and 2.x
  • B850 patient monitor, versions 1.x and 2.x

According to CyberMDX experts, exploiting the MDhex vulnerabilities can allow an intruder to gain access to a hospital's network, take control of devices and put patients' lives at risk.

In addition to CyberMDX's disclosure, the Department of Homeland Security has published guidance to alert healthcare organizations to the MDhex vulnerabilities.

One method of risk mitigation is to place GE Healthcare devices on separate networks. These devices should not be on the same network as the rest of the hospital systems.

The patches will be ready by the 2nd quarter of 2020

There are currently no security updates available. A GE Healthcare spokesman said the company plans to release a patch in the second quarter of 2020.

According to CyberMDX researchers, the vulnerabilities are very serious.

However, a GE Healthcare spokesman said the situation is serious but not as tragic as it appears.

The company also said that if healthcare organizations properly set up devices and place them on isolated networks, the risk is even lower.

Hospitals have been informed since last year

GE Healthcare has been aware of these flaws since last year, although the disclosure was made today. All this time the company has been trying to reduce the risk by advising hospitals to take security measures.

“GE Healthcare started sending letters to customers around the world on November 12, 2019, to remind them of the need to properly configure patient monitoring networks,” said a GE spokesman.

“We advise our clients to ensure that their networks are properly configured and isolated to protect against these potential attacks and mitigate the risk.”

GE Healthcare has also announced that it plans to publish this warning on its web portal so that it becomes widely known.

There is no indication that these vulnerabilities have been used by hackers.

In addition to the MDhex vulnerabilities, GE Healthcare also encountered other security issues last year, when CyberMDX found vulnerabilities in several of the company's anesthesia machines.



Absent Mia