A security firm has identified several vulnerabilities in certain GE Healthcare clinical information centre workstations and telemetry servers, that may allow an attacker to remotely take control of some of their medical devices to interfere with the function of patient monitors connected to these devices. This information was announced by the FDA.
silence alarms, generate false alarms,
These devices are used mostly in healthcare organisations to monitor and display patient information, such as temperature, heartbeat and blood pressure from a central location in a facility, such as a nurse’s workstation. These vulnerabilities might allow an attack to happen undetected and without user interaction, alarms can be silenced and false alarms could be triggered. The existing security measures may be interpreted the communication to the affected device as normal network communications, and therefore go undetected.