FDA warns of cybersecurity gaps in GE Healthcare's patient monitors

FDA
Affected systems include GE's ApexPro, Carescape and CIC Pro stations and servers. (FDA)

The FDA has delivered a notice to healthcare providers and facilities warning them about cybersecurity vulnerabilities within certain clinical information stations made by GE Healthcare.

These devices and telemetry serves are mainly used to monitor and display vital signs and patient information, including their heart rate, blood pressure and temperature. According to the agency, exploits have been uncovered that could allow attackers to remotely take control of the device, giving them the ability to silence alarms or generate false ones.

“Medical devices connected to a communications network can offer numerous advantages over non-connected devices, such as access to more convenient or more timely health care,” said Suzanne Schwartz, the FDA’s acting director of the Office of Strategic Partnerships and Technology Innovation at the agency’s Center for Devices and Radiological Health.

Free Webinar

From Patient Adherence to Manufacturing Ease - Why Softgels Make Sense for Rx

Join Thermo Fisher Scientific’s upcoming webinar to learn why softgels offer numerous benefits for Rx drug development, including enhanced bioavailability, patient compliance and easy scale-up. Register Today.

RELATED: FDA planning to require cybersecurity checks in device submissions

“However, when a medical device is connected to a communications network, there is a risk that cybersecurity vulnerabilities could be exploited by an attacker, which could result in patient harm,” said Schwartz. The FDA said it has not received any related adverse event reports, including reports of harm or device malfunction.

According to the agency, GE Healthcare contacted its customers in November 2019 about the issue and provided instructions for mitigating any risks as well as where to find software updates once they are available. The affected systems include the ApexPro, Carescape and CIC Pro stations and servers.

The FDA also recommended housing the affected clinical information central stations and servers on a network separate from the rest of the hospital’s computers while taking measures to minimize the risk of remote or local network attacks.

Suggested Articles

Biotech IPOs are up over 40% year-to-date, but today’s markets have rewritten the rules for going public. Find out the new best practices for IPOs.

Baxter has received clearance from the FDA for the latest version of its automated peritoneal dialysis system designed for home use.

ATAI Life Sciences is topping off a busy year with a $125 million financing, which will push two programs through phase 2 readouts.