Health care providers are being warned by the Food and Drug Administration that some computer programs used to monitor patients’ vital signs while in a health care facility could be vulnerable to cyberattack.
In a safety communication issued Jan. 23, the agency informed patients and health care providers that it had identified cybersecurity vulnerabilities in certain GE Healthcare Clinical Information Central Stations and Telemetry Servers.
These devices are used inside health care facilities to display patient information, including heartbeat and blood pressure. They allow a patient’s status to be monitored in real time from another location in the building, like a nurse’s bay.
The FDA says the vulnerabilities could, in theory, allow a remote attacker to take control of these monitoring devices and interfere with their function, generate false alarms or silence their alarms altogether. The issues were identified by a third-party security firm and have thus far not been exploited, the agency said in a news release.
“The agency understands that cybersecurity is a shared responsibility with the medical device industry, health care delivery organizations, patients, security researchers and other government agencies,” said Suzanne Schwartz, acting director of the FDA’s Office of Strategic Partnerships and Technology Innovation.
“Today’s alert regarding cybersecurity vulnerabilities in certain GE Healthcare stations and servers is a key example of the FDA’s commitment to work with all stakeholders to address cybersecurity issues that affect medical devices in order to keep patients safe.”
The communication advises health care facilities to segregate the affected systems from the rest of the hospital network, and to mitigate the threat of an outside attack by using firewalls, VPNs or network monitors.
WTOP’s Alejandro Alvarez contributed to this report.