A MedWatch Safety Alert was added to the FDA Medical Devices webpage.
TOPIC: Certain Clinical Information Central Stations and Telemetry Servers by GE Healthcare: FDA Safety Communication - Cybersecurity Vulnerabilities
AUDIENCE: Patient, Health Professional, Risk Manager
ISSUE: A security firm has identified several vulnerabilities in certain GE Healthcare Clinical Information Central Stations and Telemetry Servers, that may allow an attacker to remotely take control of the medical device and to silence alarms, generate false alarms and interfere with alarms of patient monitors connected to these devices.
The FDA takes reports of cybersecurity vulnerabilities in medical devices seriously and will continue to work with GE Healthcare as the firm develops software patches to correct these vulnerabilities as soon as possible.
BACKGROUND: Health care providers use GE Clinical Information Central Stations and Telemetry Servers to collect and display data from multiple patient monitoring devices. The data includes physiological status (such as temperature, heartbeat, blood pressure), patient demographic or other nonmedical information.
RECOMMENDATION:
For Health Care Providers
- Work with health care facility staff to determine if a medical device used by a patients may be affected and how to reduce associated risk.
For Health Care Facility Staff (including Information Technology and Cybersecurity Staff)
- GE Healthcare will be issuing a software patch to address the vulnerabilities and will notify affected customers to deploy them when the patches are ready. Information about the patches will be posted on the GE Healthcare product security portalExternal Link Disclaimer.
- The risk posed by the vulnerabilities can be reduced by segregating the network connecting the patient monitors with the GE Healthcare Clinical Information Central Stations and Telemetry Servers from the rest of the hospital network, as described in the GE Healthcare documentation for these devices.
- Use firewalls, segregated networks, virtual private networks, network monitors, or other technologies that minimize the risk of remote or local network attacks.
For Patients and Caregivers
- Talk with your health care provider if you have any concerns. The FDA is not aware of any adverse events related to this vulnerability.
No hay comentarios:
Publicar un comentario