FDA warns of cybersecurity gaps in GE Healthcare's patient monitors

Affected systems include GE's ApexPro, Carescape and CIC Pro stations and servers. (FDA)

The FDA has delivered a notice to healthcare providers and facilities warning them about cybersecurity vulnerabilities within certain clinical information stations made by GE Healthcare.

These devices and telemetry servers are mainly used to monitor and display vital signs and patient information, including heart rate, blood pressure and temperature. According to the agency, exploits have been uncovered that could allow attackers to remotely take control of the device, giving them the ability to silence alarms or generate false ones.

“Medical devices connected to a communications network can offer numerous advantages over non-connected devices, such as access to more convenient or more timely health care,” said Suzanne Schwartz, the FDA’s acting director of the Office of Strategic Partnerships and Technology Innovation at the agency’s Center for Devices and Radiological Health.



“However, when a medical device is connected to a communications network, there is a risk that cybersecurity vulnerabilities could be exploited by an attacker, which could result in patient harm,” said Schwartz. The FDA said it has not received any related adverse event reports, including reports of harm or device malfunction.

According to the agency, GE Healthcare contacted its customers in November 2019 about the issue and provided instructions for mitigating any risks as well as where to find software updates once they are available. The affected systems include the ApexPro, Carescape and CIC Pro stations and servers.

The FDA also recommended housing the affected clinical information central stations and servers on a network separate from the rest of the hospital’s computers while taking measures to minimize the risk of remote or local network attacks.
