Sector News

Philips issues cybersecurity warning over e-Alert MRI monitoring system

March 31, 2022
Life sciences

While the shift to “smarter,” interconnected healthcare technology has undoubtedly improved the quality of patient care and health outcomes, it has also opened up an entirely new can of cybersecurity worms.

Philips is currently dealing with one such risk after an external researcher discovered a potential vulnerability in its e-Alert MRI monitoring system.

The e-Alert system is equipped with sensors to monitor MRI machines and issue alarms whenever certain factors veer from their preset parameters. The monitored criteria include the humidity and temperature of the technical and exam rooms; the status of a machine’s power supply; chiller, cryo compressor and helium levels; and the placement of its magnet.

According to a notice from the Cybersecurity and Infrastructure Security Agency, or CISA—part of the U.S. Department of Homeland Security—the issue concerns e-Alert systems running software version 2.7 and earlier.

Those systems fail to require any authentication for access to critical system functions, so “successful exploitation of this vulnerability may allow an unauthorized actor to remotely shut down the system” if they’re able to access a healthcare facility’s network, per CISA.

The potential hacking risk has been given a score of 6.5 out of 10, placing it on the higher end of the medium-severity range on the Common Vulnerability Scoring System, or CVSS.

In a statement sent to Fierce Medtech, Philips said it had “proactively and voluntarily” issued an advisory for the cybersecurity risk and alerted the appropriate government agencies as soon as it was discovered.

“At this time, Philips has received no reports of exploitation of this vulnerability,” the company said, noting that since the e-Alert system monitors only the performance of MRI machines, the hacking risk doesn’t pose a direct threat to patient safety.

Philips said it is expecting to issue a correction for the issue by the end of the second quarter of this year. In the meantime, healthcare facilities using the affected e-Alert systems should closely regulate access to their networks and connected devices and minimize remote and internet access to the systems.

This isn’t the first time hacking risks were discovered in Philips’ e-Alert technology. In 2018, Philips discovered and reported to CISA a total of nine cybersecurity flaws in the system that “may allow attackers to provide unexpected input into the application, execute arbitrary code, display unit information or potentially cause e-Alert to crash,” according to the agency’s notice.

The safety event was given a CVSS score of 7.1—just over the high-severity threshold—but all issues were resolved with software updates by the end of 2018.

By Andrea Park

Source: fiercebiotech.com

comments closed

Related News

January 29, 2023

Colorcon, Inc. signs Put agreement with intent to acquire controlled atmosphere packaging specialist Airnov Healthcare Packaging

Life sciences

Airnov provides critical healthcare industries with high-quality, controlled atmosphere packaging, to protect their products from moisture and oxygen. The business has manufacturing facilities in the USA, France, China and India and employs around 700 people.

January 29, 2023

Takeda pledges up to $1.13B for rights to Hutchmed’s cancer drug fruquintinib outside of China

Life sciences

Takeda of Japan has partnered with Hong Kong-based Hutchmed, gaining the commercial rights to colorectal cancer drug fruquintinib outside of China for $400 million up front, plus $730 million in potential milestone payments. Takeda also will help develop fruquintinib, which can be applied to subtypes of refractory metastatic colorectal cancer, regardless of biomarker status, the companies said.

January 29, 2023

Vir taps Bayer dealmaker Marianne De Backer as its next CEO

Life sciences

On April 3, Scangos, who’s been chief executive officer at Vir since the start of 2017, will hand over the reins to Marianne De Backer, Ph.D. De Backer comes over from Bayer, where she currently heads up pharmaceutical strategy, business development and licensing. Alongside her CEO appointment, De Backer is set to join Vir’s board of directors, the company said Wednesday.

How can we help you?

We're easy to reach