FDA issues a cybersecurity warning for GE medical equipment

By Pankaj Singh

The U.S. Food and Drug Administration, an agency within the U.S. Department of Health and Human Services, recently issued a safety communication informing patients, health care providers and facilities about cybersecurity vulnerabilities identified in Telemetry Servers and GE Healthcare Central Stations for Clinical Information.

These devices are mainly used in health care facilities to display patient information, such as the physiologic status of a patient, and to monitor patient health status from a central location in a facility, for example, from a nurse’s bay. If the vulnerabilities are exploited, an attacker can remotely take control of the device to generate false alarms, silence alarms, or interfere with the function of patient monitors connected to these devices.

Suzanne Schwartz, Director of the Office of Strategic Partnerships and Technology Innovation, Center for Devices and Radiological Health, FDA, was reportedly quoted as saying that medical devices connected to a communications network in healthcare facilities offer various advantages over non-connected devices, such as more convenient and timely care of the patients. However, with such connected medical devices there lies a potential risk of cybersecurity vulnerabilities, which can be exploited by an attacker to harm a patient.

A hacker could possibly silence an alarm that is intended to communicate vital information, such as a patient’s cardiac status, to health care staff. The cybersecurity vulnerabilities were identified by a third-party security organization. However, the agency has not received any adverse event reports, such as patient harm or device malfunction, to date.

Given the possibility of patient harm, GE Healthcare systems has communicated with health care providers and facilities that use these devices and has provided information on the vulnerability, as well as recommendations to mitigate the risk. The private firm has also provided information on where to find the software updates or patches. The safety communication issued by FDA is expected to alert health care providers and facilities to the risk posed by such vulnerabilities and to possible measures for prevention.

Source Credit: https://www.fda.gov/news-events/press-announcements/fda-informs-health-care-providers-facilities-and-patients-about-potential-cybersecurity