GE Healthcare’s Vivid Ultrasound Software Could Invite Hacking

Devices in the GE Healthcare Vivid Ultrasound family contain 11 software vulnerabilities that could allow malicious invasion of these devices if a person had direct physical access to them, according to a security review conducted by Nozomi Networks Labs.

Nozomi particularly highlighted risks in the Vivid T9 cardiac imaging system and its pre-installed Common Service Desktop web application, and the EchoPAC software. If an attacker gained access to the device, the person could gain administrative privileges and potentially install ransomware and access and manipulate patient data.

Patches and mitigations for these vulnerabilities are available in the GE HealthCare Product Security Portal. GE, which participated in the review, said that existing mitigations and controls effectively reduce the risk “as far as possible,” and that the residual risk is “acceptable.”

To read the whole story, click here.

Related Topics