News | Cybersecurity | April 16, 2018 | Jeff Zagoudis, Associate Editor

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

Company says it has not received any reports of patient harm from vulnerabilities, but is offering remediation options for its customers

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

April 16, 2018 — Philips Healthcare last week issued a proactive advisory warning to its iSite and IntelliSpace picture archiving and communication system (PACS) customers of potential security vulnerabilities in the products. The company cautioned that while it has received no reports of patient harm, the vulnerabilities in question could impact or potentially compromise patient confidentiality, system integrity and/or system availability.

Philips identified the cybersecurity vulnerabilities, predominantly in third-party components, that if fully exploited may allow low-skill attackers remote entry to the applications. Once inside, any attackers could potentially:

  • Provide unexpected input into the applications;
  • Execute arbitrary code;
  • Alter the intended control flow of the system;
  • Access sensitive information; or
  • Potentially cause a system crash.

The company said its own analysis does not suggest the vulnerabilities would impact clinical use. This is largely due to the fact that IntelliSpace PACS is operated in a managed service environment that adheres to the latest recommendations of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The company also noted that it uses an automated antivirus solution and offers a monthly recurring patch program for IntelliSpace customers.

ICS-CERT released its own advisory that describes the vulnerabilities in further detail. Read the full ICS-CERT advisory here.

Philips is offering customers three potential pathways to address the security vulnerabilities:

  1. Enrolling in the recurring patch program, which Philips said will remediate 86 percent of all known vulnerabilities;
  2. Option 1 plus updating system firmware, which will remediate 87 percent of all known vulnerabilities, including all known critical vulnerabilities;
  3. Option 2 plus upgrading to IntelliSpace PACS 4.4.5x with Windows operating system 2012, which addresses product hardening. Philips said this option will remediate 99.9 percent of all the known vulnerabilities, including all critical vulnerabilities.

Remediation options are provided at no charge for Philips customers on full service delivery model contracts.

For more information: www.usa.philips.com/healthcare

 

Related Content

AMA survey finds economic, patient-care impact of Change Healthcare cyber-attack ongoing
News | Cybersecurity
Life After Change Cyber-attack: Without Payment for Claims, Physicians Struggle to Keep Practices Afloat

April 10, 2024 — The American Medical Association (AMA) released informal survey findings (PDF) showing the ongoing ...

Home April 10, 2024
Home
In a new letter sent to federal officials on March 12, the American Medical Association (AMA) has presented six relief proposals to support physicians impacted by Change Healthcare hack, and praised the creation of the Change Healthcare/Optum Payment Disruption (CHOPD) Accelerated Payments.
News | Cybersecurity
AMA Presents Relief Proposals to Federal Officials to Support Physicians Impacted by Change Healthcare Hack

March 14, 2024 — The American Medical Association (AMA) has issued a new letter to federal officials in which it praised ...

Home March 14, 2024
Home
An AMA letter sent to Secretary Bacerra outlines ongoing concerns of physicians amidst the cybersecurity incident that has impacted Change Healthcare
News | Cybersecurity
As Cyberattack Jeopardizes Physician Practices, AMA Demands Action

March 6, 2024 — As the cyber-takedown of Change Healthcare has forced medical practices to go without revenue for a ...

Home March 06, 2024
Home
Videos | Cybersecurity
VIDEO: A Look at Cybersecurity and How Healthcare is at Risk

This year at HIMSS, the theme is Health That Connects + Tech That Cares, and cybersecurity is indeed a part of this ...

Home April 21, 2023
Home
The survey reflects the opinions of healthcare cybersecurity professionals that are responsible for either day-to-day operations or oversight of healthcare cybersecurity programs
News | Cybersecurity | By Melinda Taschetta-Millane
2022 HIMSS Healthcare Cybersecurity Survey Report Results Published

April 10, 2023 — The 2022 HIMSS Healthcare Cybersecurity Survey results were recently published. The survey reflects the ...

Home April 10, 2023
Home
New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices
News | Cybersecurity
New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices

August 29, 2019 — Use of the Internet of Things (IoT) is booming, with IHS Markit forecasting there will be 73 billion ...

Home August 29, 2019
Home
New Report Examines Hospital Cybersecurity Challenges in Georgia
News | Cybersecurity
New Report Examines Hospital Cybersecurity Challenges in Georgia

August 20, 2019 — Healthcare data breaches are currently being reported at a rate of more than one a day, according to a ...

Home August 20, 2019
Home
According to the National Association of County and City Health Officials, only 33 percent of the organizations plan against cybersecurity threats and initiate patient identity protection protocols.
Feature | Cybersecurity | Maxim Chernyak
How to Protect Health Data With Security Testing Automation

As the National Association of County and City Health Officials state, healthcare breaches remained to be costly and ...

Home May 06, 2019
Home
Videos | Cybersecurity
VIDEO: Preventing Medical Imaging Cyberattacks

Anton S. Becker, M.D., radiology resident at the University Hospital of Zurich, Switzerland, discusses the long-term ...

Home December 12, 2018
Home
FDA and DHS Expand Partnership on Medical Device Cybersecurity
News | Cybersecurity
FDA and DHS Expand Partnership on Medical Device Cybersecurity

October 30. 2018 — The U.S. Food and Drug Administration (FDA) and the U.S. Department of Homeland Security (DHS) will ...

Home October 30, 2018
Home
© Copyright Wainscot Media. All Rights Reserved.
Subscribe Now