FDA Warns of Cyber Risks With Certain GE Devices
The US Food and Drug Administration (FDA) on Thursday warned that several GE Healthcare devices could be hacked to silence alarms connected to the devices, generate false alarms and interfere with alarms of patient monitors connected to these devices.The warning concerns GE’s Clinical Information Central Stations and Telemetry Servers, which FDA says are mostly used for displaying information such as a patient’s temperature, heartbeat and blood pressure, as well as monitoring a patient’s status from a central location in a facility, such as a nurse’s workstation.
The vulnerabilities were first reported to GE by the security firm CyberMDX, although GE said there have been no reported cyberattacks or any reported injuries associated with any of these vulnerabilities. The company also said the devices can continue to be used and hospitals should properly configure the devices’ Mission Critical (MC) and/or Information Exchange (IX) networks to ensure their isolation so that a potential hacker would need to gain physical access to the devices in order to exploit them.
GE also said it is developing software updates/patches including additional security enhancements that will be made available.
Recently, FDA has also raised concerns and alerted medical device manufacturers and other stakeholders to 11 cyber vulnerabilities, in addition to specific ones for Medtronic insulin pumps and implantable cardiac devices.
FDA
GE Update
FDA on Cybersecurity