New cybersecurity warnings have been issued by the United States government after flaws were discovered in GE Healthcare Systems manufactured health devices. The FDA and the U.S. Department of Homeland Security’s Cyber Emergency Response Team released safety notices that outline the vulnerabilities in the healthcare systems.
This is not the first time that GE Healthcare Systems has been in the spotlight with the FDA. In 2009, there was a flaw found in two of their anesthesia device’s models.
The devices in question are used mainly in the healthcare sector and include those devices that are used to monitor heartbeat and blood pressure. The fear is that hackers could infiltrate the system and either cause the alarms to go off in error or prevent them from going off in an emergency.
The Cyber Emergency Response Team said that it would also be possible for a potential hacker to get their hands on private health information as well as going through the weaknesses in the system. The hack could also render the devices unusable.
GE made a public statement to defend the allegations that their devices were flawed. They stated that when the medical care providers receive these devices, they are accompanied by instructions with specific parameters the hospitals must follow. If the hospital fails to follow the protocols suggested for the devices, that makes them vulnerable to an attack through the hospital’s infrastructure.
GE did make sure that they released instructions on how to mitigate the risk of cybersecurity breaches and where to find security patches for the equipment for when they become available.
At the present time, the FDA is not aware of any possible cybersecurity attacks, however, they do acknowledge the risk. They state that it would be very hard to actually detect a breach, but they know that it is possible.
GE confirmed the FDA’s statement, reassuring that there have not been any actual hacking incidents with their devices, or the vulnerabilities associated.