"Insecure Configurations Expose GE Healthcare Devices to Attacks"
Researchers from the healthcare industry-focussed cybersecurity firm, CyberMDX, recently discovered six high-risk vulnerabilities in GE Healthcare products. The vulnerabilities, collectively dubbed MDhex, derive from insecure configurations of features provided by GE Healthcare's patient monitoring devices and servers for remote access and administration. These vulnerabilities involve the reuse of a hard-coded private key, the inclusion of outdated software, insecure updates, and more. According to researchers, these types of vulnerabilities are common in the medical device world. Manufacturers need to consider security in the design of medical devices as attacks on such devices have the potential to impact the security and safety of patients. This article continues to discuss the vulnerabilities found in GE Healthcare products, recommendations on how to mitigate these vulnerabilities, and the importance of implementing security controls during the design of medical devices.
CSO Online reports "Insecure Configurations Expose GE Healthcare Devices to Attacks"