Researchers discovered serious vulnerabilities in two medical management platforms that are used for generating patients reports and managing surgeries. The vulnerabilities lead to an elevated response from the United States Food & Drug Administration and the Department of Homeland Security.
According to information from Secure Business Intelligence, an Australian news service, the vulnerabilities gave security researchers remote root access to the impacted systems. When an individual has root access to a device, he or she can control most of its functions. With the root exploit for the Philips’ platform management system, hackers could potentially steal patient records and other private healthcare information.
The exploit also gave researchers the ability to remotely control medical devices that are connected to the Philips platform. Any connected device that communicates via the HL7 standard could potentially be controlled by hackers.
Due to the severity of the exploits, both the DHS and the FDA took action. Both government groups urged Philips to fix the exploit immediately. However, Philips may have ignored initial warnings. According to Billy Rios and Terry McCorkle, the security researchers who discovered the exploit, private attempts by the researchers to warn Philips about the exploits were ignored. In response, the researchers shared information about the exploit with the FDA and the DHS.
Two days after information about the exploit was released, Marty Edwards, the control system director at the DHS, announced that the government agency would handle all future information on medical device security vulnerabilities.
A smaller exploit was also discovered in a patient monitoring tool by SpaceLabs ICS-Xprezz. The platform, designed for use with the Apple iOS, could give hackers access to restricted parts of a corporate network.
- Technical Data on the Orthopedic TPS Coating - Supplier Resource
- A Best Practices Guide to GMP Compliance Management Systems - Supplier Resource
- MEDTEC Europe & SUDTEC - Event
- MEDTEC UK - Event
- Make vs. Buy – A Model for Performing this Analysis - Webcast
- RFID Solution for Biologics in a Complex Supply Chain - Supplier Resource