GE Healthcare’s Patient Monitors are Vulnerable, warned DHS

The U.S. Department of Homeland Security’s Network and Infrastructure Security Agency issued an alert on January 23rd, 2020, about a series of vulnerabilities found in GE Healthcare’s patient monitoring devices. A vulnerability discovered by researchers and known as MDhex affects GE’s CARESCAPE Clinical Information Center (CIC) Pro patient monitoring product range. Hospital staff use the CIC Pro workstation to view patient physiological data, waveforms, and patient demographics in real time from a single vision array. Data from the device is transmitted from different side displays via a shared network, and the technology can also be centrally managed. These features are the source of potential problems.

There are a total of six vulnerabilities that enable hackers to access the device and then make it unusable, interfere with its functions, change alert settings, and steal protected health information. Affected devices include:

  • Central Information Center (CIC), versions 4.x and 5.x
  • CARESCAPE Central Station (CSCS), versions 1.x and 2.x
  • CARESCAPE telemetry server, versions 4.3, 4.2 and earlier
  • Apex Pro telemetry server/tower, version 4.2 and earlier
  • B450 Patient Monitor, version 2.x
  • B650 Patient Monitor, versions 1.x and 2.x
  • B850 Patient Monitor, versions 1.x and 2.x

A GE Healthcare spokesperson said in a statement:

“We are instructing the facilities where these devices are located to follow network management best practices and are developing a software patch with additional security enhancements. We are not aware of any incidents where these vulnerabilities have been exploited in a clinical situation.”

Researchers initially reported the vulnerability on September 18th, 2019. GE has treated this matter with speed, responsiveness, and seriousness. Even though there remains work to be done and GE is still working on the security patches for these vital devices, it is encouraging to see GE’s immediate response to the vulnerability.
