DHS issues cybersecurity warning on GE Healthcare’s ECG product: 5 notes

The National Cybersecurity and Communications Integration Center released an advisory May 8 detailing vulnerabilities discovered in a set of GE Healthcare and Silex Technology devices.

The NCCIC, part of the U.S. Department of Homeland Security, serves as a national hub for cybersecurity information and technical expertise and operates a 24/7 analysis and incident response center.

Here are five things to know about the vulnerabilities, which the NCCIC wrote have the potential to affect healthcare and public health sectors worldwide.

1. The affected devices comprise GE Healthcare’s MobileLink electrocardiogram communication solution, along with Silex Technology’s SX-500 and SD-320AN serial device servers.

2. A researcher with information security assessment company Atredis Partners identified the vulnerabilities and reported them to both companies. The vulnerabilities included potential improper authentication and potential operating system command injection, which may be exploited remotely.

3. The NCCIC noted public exploits targeting these

... read more at: https://www.beckershospitalreview.com/cybersecurity/dhs-issues-cybersecurity-warning-on-ge-healthcare-s-ecg-product-5-notes.html