HomeTech PlusTECH & OTHER NEWSResearchers say hardcoded passwords in GE medical imaging devices could put patient...

Researchers say hardcoded passwords in GE medical imaging devices could put patient data at risk

Dozens of medical imaging devices built by General Electric are secured with hardcoded default passwords that can’t be easily changed, but could be exploited to access sensitive patient scans, according to new findings by security firm CyberMDX.

The researchers said that an attacker would only need to be on the same network to exploit a vulnerable device, such as by tricking an employee into opening an email with malware. From there, the attacker could use those unchanged hardcoded passwords to obtain whatever patient data was left on the device or disrupt the device from operating properly.

CyberMDX said X-ray machines, CT and MRI scanners, and ultrasound and mammography devices are among the affected devices.

GE uses hardcoded passwords to remotely maintain the devices. But Elad Luz, head of research at CyberMDX, said some customers were not aware that their devices had vulnerable devices. Luz described the passwords as “hardcoded,” because although they can be changed, customers have to rely on a GE engineer to change the passwords on-site.

The vulnerability has also prompted an alert by Homeland Security’s cybersecurity advisory unit, CISA. Customers of affected devices should contact GE to change the passwords.

Hannah Huntly, a spokesperson for GE Healthcare, said in a statement: “We are not aware of any incident where this potential vulnerability has been exploited in a clinical situation. We have conducted a full risk assessment and concluded that there is no patient safety concern. Maintaining the safety, quality, and security of our devices is our highest priority.”

It’s the latest find by the New York-based healthcare cybersecurity startup. Last year the startup also reported vulnerabilities in other GE equipment, which the company later admitted could have led to patient injury after initially clearing the device for use.

CyberMDX, which works primarily to secure medical devices and improve hospital network security through its cyber intelligence platform while conducting security research on the side, raised $20 million earlier this year, just a month into the COVID-19 pandemic.

By TechCrunch Source Link

Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS