Researchers discovered serious vulnerabilities in two medical management platforms that are used for generating patients reports and managing surgeries. The vulnerabilities lead to an elevated response from the United States Food & Drug Administration and the Department of Homeland Security.
According to information from Secure Business Intelligence, an Australian news service, the vulnerabilities gave security researchers remote root access to the impacted systems. When an individual has root access to a device, he or she can control most of its functions. With the root exploit for the Philips’ platform management system, hackers could potentially steal patient records and other private healthcare information.
The exploit also gave researchers the ability to remotely control medical devices that are connected to the Philips platform. Any connected device that communicates via the HL7 standard could potentially be controlled by hackers.
Due to the severity of the exploits, both the DHS and the FDA took action. Both government groups urged Philips to fix the exploit immediately. However, Philips may have ignored initial warnings. According to Billy Rios and Terry McCorkle, the security researchers who discovered the exploit, private attempts by the researchers to warn Philips about the exploits were ignored. In response, the researchers shared information about the exploit with the FDA and the DHS.
Two days after information about the exploit was released, Marty Edwards, the control system director at the DHS, announced that the government agency would handle all future information on medical device security vulnerabilities.
A smaller exploit was also discovered in a patient monitoring tool by SpaceLabs ICS-Xprezz. The platform, designed for use with the Apple iOS, could give hackers access to restricted parts of a corporate network.
- Will Migrating Your Product to a Lower Cost Region Actually Lower Cost? - Supplier Resource
- ADMEDES smart systems | Driving New Technologies and Manufacturing Processes | Enabling New Applications, Materials, and Design Options - Supplier Resource
- flex-IPC Industrial Panel PC's: Customizable IPC Systems for Machine Controlling - Video
- Meeting Prototyping Requirements with Electropolishing - Supplier Resource
- Plastic Injection Molds and Molding: Why What You Don’t Know Could Be Costing You Money - Supplier Resource
- Electronics Miniaturization: Assembly and Rework of Lead Free Package on Package Technology - Supplier Resource