"Select Hillrom Electrocardiograph Products Impacted by Medical Device Vulnerabilities"
According to an advisory released by the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), there are two medical device vulnerabilities in select Hillrom electrocardiograph products that could lead to unauthorized access and security risks. Hillrom has issued software upgrades for all affected devices, and new product versions are in development. Although there have been no known exploits using these vulnerabilities, healthcare organizations using these devices should exercise caution and apply defensive measures. The first vulnerability involves the use of hard-coded passwords, while the second vulnerability involves improper access control. An attacker could compromise software security by executing commands, acquiring privileges, reading sensitive information, escaping detection, and more by exploiting these vulnerabilities. CISA urges users to minimize network exposure for all control system devices and/or systems, isolate control system networks and remote devices from the businesses, and more. This article continues to discuss the source, potential impact, and exploitation of the two security vulnerabilities discovered in Hillrom electrocardiograph products.