https://www.fda.gov/medical-devices/safety-communications/cybersecurity-vulnerabilities-certain-ge-healthcare-clinical-information-central-stations-and?utm_campaign=2020-01-23%20CDRH%20Safety%20Comm%20%E2%80%93%20Cybersecurity%20Vulnerabilities%20-%20GE%20Healthcare&utm_medium=email&utm_source=Eloqua

Cybersecurity Vulnerabilities in Certain GE Healthcare Clinical Information Central Stations and Telemetry Servers

The U.S. Food and Drug Administration (FDA) is raising awareness among health care providers and facility staff that cybersecurity vulnerabilities in certain GE Healthcare Clinical Information Central Stations and Telemetry Servers may introduce risks to patients while being monitored.

Read the Safety Communication

A security firm has identified several vulnerabilities in certain GE Healthcare Clinical Information Center workstations and Telemetry Servers, that may allow an attacker to remotely take control of the medical device and to silence alarms, generate false alarms and interfere with the function of patient monitors connected to these devices. These devices are used mostly in healthcare facilities for displaying patient information, such as the physiologic parameters (such as temperature, heartbeat, blood pressure) of a patient, and monitoring patient status from a central location in a facility, such as a nurse’s workstation. To date, the FDA is not aware of any adverse events related to these vulnerabilities. These vulnerabilities might allow an attack to happen undetected and without user interaction. Because an attack may be interpreted by the affected device as normal network communications, it may remain invisible to existing security measures. Questions? If you have questions about this safety communication, contact the Division of Industry and Consumer Education.