The U.S. Food and Drug Administration is issuing a safety communication informing healthcare providers, facilities and patients about cybersecurity vulnerabilities identified for certain GE Healthcare Clinical Information Central Stations and Telemetry Servers. These devices are primarily used in healthcare facilities for displaying patient information, such as the physiologic status (i.e., temperature, heartbeat, blood pressure, etc.) of a patient, and monitoring patient status from a central location in a facility, such as a nurse’s bay. The cybersecurity vulnerabilities identified could allow an attacker to remotely take control of the device to silence alarms, generate false alarms or interfere with the function of patient monitors connected to these devices. For example, an attacker could potentially silence an alarm that is intended to communicate vital information about a patient to healthcare staff, such as a patient’s cardiac status. Read more here.
