GE Clinical Information Stations Vulnerable To Hacking, FDA Warns
Federal health officials indicate that certain GE monitoring stations used by healthcare clinicians could be vulnerable to hacking, such as the silencing of critical alarms, which may increase the risk of patient injury or death.
The FDA issued a cybersecurity safety communication on January 23, warning that certain GE Healthcare servers used to monitor vital patient information contain vulnerabilities that hackers could exploit to cause harm to patients.
The warning involves GE Healthcare Clinical Information Central Stations and Telemetry Servers, primarily used in health care facilities for monitoring and displaying patient information, such as temperature, heartbeat, blood pressure and other critical vitals from a central location within the facility.
According to the FDA, hackers could remotely take control of these GE devices to silence critical alarms, generate false alarms, and interfere with other monitors connected to the GE device. This could result in a delay of emergency medical intervention, endangering patients’ lives.
In November 2019, GE Healthcare issued an Urgent Medical Device Correction informing customers of the vulnerabilities and providing instructions on where to find the software updates and patches for the impacted devices. GE recommended that hospitals reduce their exposure by keeping the network connecting the patient monitors separate from the rest of the hospital network.
GE strongly encouraged hospital facilities to use firewalls, segregated networks, virtual private networks, network monitors, or other technologies that minimize the risk of remote or local network attacks.
Cybersecurity threats in the medical field have been a growing concern over the last few years, as vulnerabilities to healthcare organizations’ record systems and medical devices have surfaced.
Since 2014, the U.S. Department of Homeland Security (DHS) has been actively investigating at least two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment. According to DHS, if preventative actions are not taken to strengthen the medical field’s cybersecurity, hackers could exploit these vulnerabilities and put patients at serious risk.
Medtronic has faced multiple cybersecurity vulnerabilities across several devices in recent years. In June 2019, Medtronic issued a recall of the Medtronic MiniMed 508 pump and MiniMed Paradigm series insulin pumps due to cybersecurity flaws which could allow hackers to wirelessly connect to both the patient’s blood glucose meter and monitoring system and change insulin delivery settings and alter glucose level data.
In October 2018, Medtronic issued an Urgent Medical Device Correction to physicians, notifying them that more than 34,000 implantable pacemakers were vulnerable to hacking. Medtronic disconnected the devices from internet access for software updates as a result.
The FDA has been working on a framework for cybersecurity threats across the medical field since 2013, and the need for additional protection has only become more of a necessity with the increased number of incidents. In 2015 alone, the healthcare industry had more data breaches than in the previous six years combined, compromising more than 113 million medical records.
Medical device hacking demonstrations date back to 2012, when researchers at an RSA security conference in San Francisco were able to hack medical devices such as insulin pumps from up to 300 feet away. The demonstration further showed how hackers could remotely take control of the insulin devices, allowing them to deliver lethal doses of insulin to patients without any notification.