The Department of Homeland Security's cybersecurity team has some troublesome news for people who rely on health care devices popularized by General Electric. In specific, the team reported on Thursday that General Electric's CARESCAPE patient monitors carried six security flaws collectively titled "MDhex." For General Electric, these issues were found in the Apex Telemetry Server, the Central Information Center product, and several other monitors.
What's the issue? — The security flaws could compromise incredibly sensitive and private patient information, according to the department's cybersecurity researchers. To convey how serious the problem is, the researchers claim that five of these flaws scored 10 while one scored 8.5 on the National Infrastructure Advisory Council’s 1-10 score system.
Pending chaos — Cybersecurity analysts worry that these vulnerabilities, if effectively taken advantage of, could unleash chaos on health care providers and the people who rely on these medical devices.
If an external bad actor is able to successfully exploit these weaknesses, the department stated that it could result in complete lack of access to monitor a patient's health, illegal acquirement of private patient data, unauthorized changes made to the monitoring system, deactivating the system altogether, activating unnecessary alarms, silencing an alarm for a patient, and other issues.
What General Electric says — "We are instructing the facilities where these devices are located to follow network management best practices and are developing a software patch with additional security enhancements," a company representative stated. "We are not aware of any incidents where these vulnerabilities have been exploited in a clinical situation." It's not the first time that General Electric devices were found to have security flaws but the company's announcement that it will issue security patches for the vulnerable devices is encouraging, to say the least.