Categories: STL.News

FDA informs health care providers about potential cybersecurity vulnerabilities for certain GE Healthcare Clinical Information Central Stations and Telemetry Servers

FDA informs health care providers, facilities and patients about potential cybersecurity vulnerabilities for certain GE Healthcare Clinical Information Central Stations and Telemetry Servers

Silver Spring, MD (STL.News) Today, the U.S. Food and Drug Administration (FDA) is issuing a safety communication informing health care providers, facilities and patients about cybersecurity vulnerabilities identified for certain GE Healthcare Clinical Information Central Stations and Telemetry Servers.  These devices are primarily used in health care facilities for displaying patient information, such as the physiologic status (i.e., temperature, heartbeat, blood pressure, etc.) of a patient, and monitoring patient status from a central location in a facility, such as a nurse’s bay.  The cybersecurity vulnerabilities identified could allow an attacker to remotely take control of the device to silence alarms, generate false alarms or interfere with the function of patient monitors connected to these devices.  For example, an attacker could potentially silence an alarm that is intended to communicate vital information about a patient to health care staff, such as a patient’s cardiac status.  These cybersecurity vulnerabilities were identified by a third-party security firm.  To date, the agency has not received any adverse event reports, including reports of patient harm or device malfunction, associated with these vulnerabilities.

“Medical devices connected to a communications network can offer numerous advantages over non-connected devices, such as access to more convenient or more timely health care.  However, when a medical device is connected to a communications network, there is a risk that cybersecurity vulnerabilities could be exploited by an attacker, which could result in patient harm,” said Suzanne Schwartz, M.D., MBA, acting director of the Office of Strategic Partnerships and Technology Innovation in the FDA’s Center for Devices and Radiological Health.  “The agency understands that cybersecurity is a shared responsibility with the medical device industry, health care delivery organizations, patients, security researchers and other government agencies.  Today’s alert regarding cybersecurity vulnerabilities in certain GE Healthcare stations and servers is a key example of the FDA’s commitment to work with all stakeholders to address cybersecurity issues that affect medical devices in order to keep patients safe.”

The vulnerabilities of certain GE Healthcare Clinical Information Central Stations and Telemetry Servers are such that an attack could occur undetected and without user interaction.  Because an attack may be interpreted by the affected device as normal or routine network communications, it may remain invisible to existing security measures.  Given the potential for patient harm, GE Healthcare has contacted health care providers and facilities that have these devices and has provided information on the vulnerability in addition to instructions for mitigating risk and where to find the software updates or patches when they become available.  The FDA’s safety communication issued today alerts health care providers and facilities of the risk posed by these vulnerabilities and provides recommendations on actions that can be taken to mitigate risks.  These recommendations include advising health care facilities to segregate the network connecting the patient monitors with the affected GE Healthcare Clinical Information Central Stations and Telemetry Servers from the rest of the hospital network, and using firewalls, segregated networks, virtual private networks, network monitors, or other technologies that minimize the risk of remote or local network attacks.

The agency is committed to communicating cybersecurity vulnerabilities to the public and has issued nine safety communications for medical device cybersecurity vulnerabilities since 2013.  The FDA takes reports of vulnerabilities in medical devices seriously and today’s safety communication includes recommendations to health care providers and facilities for continued monitoring, reporting and remediation of medical device cybersecurity vulnerabilities.

The FDA will continue its work with manufacturers and health care delivery organizations—as well as security researchers and other government agencies—to help address cybersecurity issues throughout a device’s total product lifecycle.  The FDA is continuously assessing new information concerning cybersecurity vulnerabilities for medical devices, and will keep the public informed if significant new information becomes available.

The FDA, an agency within the U.S. Department of Health and Human Services, protects the public health by assuring the safety, effectiveness, and security of human and veterinary drugs, vaccines and other biological products for human use, and medical devices.  The agency also is responsible for the safety and security of our nation’s food supply, cosmetics, dietary supplements, products that give off electronic radiation, and for regulating tobacco products.

The post FDA informs health care providers about potential cybersecurity vulnerabilities for certain GE Healthcare Clinical Information Central Stations and Telemetry Servers appeared first on STL.News.

Source link

Editor

Recent Posts

Federal, State, and Local Law Enforcement Warn Against Teleconferencing HackingFederal, State, and Local Law Enforcement Warn Against Teleconferencing Hacking

Federal, State, and Local Law Enforcement Warn Against Teleconferencing Hacking

Federal, State, and Local Law Enforcement Warn Against Teleconferencing Hacking During Coronavirus Pandemic (STL.News) – As our country finds new…

52 mins ago
Arizona Governor Ducey And State Child Care Leaders Announce Launch Of ChildcareArizona Governor Ducey And State Child Care Leaders Announce Launch Of Childcare

Arizona Governor Ducey And State Child Care Leaders Announce Launch Of Childcare

Governor Ducey And State Child Care Leaders Announce Launch Of Childcare For COVID-19 Frontline Workers (STL.News) – This initiative is…

2 hours ago
Wasden Releases New Information on HIPAA Privacy and Security and Breach Notification RulesWasden Releases New Information on HIPAA Privacy and Security and Breach Notification Rules

Wasden Releases New Information on HIPAA Privacy and Security and Breach Notification Rules

(STL.News) – Attorney General Lawrence Wasden has released the following statement regarding enforcement of HIPAA privacy and security and breach…

3 hours ago
Oklahoma AG Hunter Warns of Scams Surrounding Coronavirus Relief FundsOklahoma AG Hunter Warns of Scams Surrounding Coronavirus Relief Funds

Oklahoma AG Hunter Warns of Scams Surrounding Coronavirus Relief Funds

(STL.News) – Attorney General Mike Hunter today issued a warning about potential fraud to Oklahomans awaiting their economic impact payments from…

4 hours ago
Vermont AG Donovan Releases Directive on Enforcement of COVID-19 Executive OrderVermont AG Donovan Releases Directive on Enforcement of COVID-19 Executive Order

Vermont AG Donovan Releases Directive on Enforcement of COVID-19 Executive Order

(STL.News) – Attorney General T.J. Donovan today published Attorney General’s Directive to Law Enforcement on the Enforcement of COVID-19 Emergency…

5 hours ago
Missouri Governor Parson Issues “State Home Missouri” Order – COVID-19Missouri Governor Parson Issues “State Home Missouri” Order – COVID-19

Missouri Governor Parson Issues “State Home Missouri” Order – COVID-19

Missouri Governor Parson Issues “State Home Missouri” Order to Control, Contain, and Combat COVID-19 JEFFERSON CITY, MO (STL.News) Building on…

6 hours ago