Cybersecurity vulnerabilities in GE Healthcare’s ultrasound devices could be exploited by malicious actors, posing significant risks to patient data integrity and the functionality of critical medical equipment.
GE Healthcare recently announced that several of its ultrasound devices, including the Vivid line, have cybersecurity vulnerabilities identified by Nozomi Networks Labs. These vulnerabilities could potentially be exploited by malicious actors to deploy ransomware or manipulate patient data. GE Healthcare has provided mitigations and controls to reduce these risks, emphasizing the importance of safeguarding these devices to prevent critical disruptions in medical care.
Key Points:
- Vulnerability Discovery: Nozomi Networks Labs identified 11 cybersecurity vulnerabilities across various GE Healthcare ultrasound devices and software programs.
- Affected Devices: The vulnerabilities impact devices including the Vivid T9 ultrasound, which runs a customized version of Microsoft Windows 10.
- Risk of Exploitation: Malicious actors with physical access to the devices could exploit these vulnerabilities to install ransomware or manipulate patient data.
- Mitigations and Controls: GE Healthcare has implemented existing mitigations and controls to reduce the risk, stating that it would be immediately obvious if an ultrasound device was rendered unusable.
- Administrative Privileges: Cybersecurity researchers were able to gain full administrative privileges on the Vivid T9 device, allowing them to display a ransom message on the device’s screen.
- Data Manipulation: With full privileges, attackers could access and manipulate all patient data stored on the device, posing significant risks to patient confidentiality and healthcare delivery.
- Impact on Healthcare: An attack on ultrasound devices in a primary healthcare facility could delay critical medical procedures, hinder accurate diagnoses, and impede timely treatment.
- GE Healthcare’s Response: The company confirmed that trained medical staff has conducted a medical safety risk assessment in line with regulatory expectations.
- Recommendations: Nozomi Networks Labs advises never leaving ultrasound devices unattended and blocking incoming connections to workstations with clinical software installed on unprotected networks.
“The inability to access or use the devices due to ransomware could delay critical medical procedures, hinder accurate diagnoses and impede timely treatment. Patient confidentiality, a cornerstone of healthcare ethics, could be compromised, leading to potential breaches of privacy and legal implications for the hospital.”
– Nozomi Networks Labs
More on Cybersecurity