Two types of hospital anesthesia devices manufactured by GE Healthcare contain significant cyber vulnerabilities, a federal agency contends.
Cybersecurity vendor CyberMDX, based in New York, discovered the medical device vulnerabilities in GE Healthcare anesthesia and respiratory devices, reports the Department of Homeland Security’s Industrial Control Systems-Cyber Emergency Response Team.
The vulnerabilities relate to the GE Aestiva and GE Aespire devices, which are models 7100 and 7900.
“If an attacker gains access to a hospital’s network and if the GE Aestiva or GE Aespire devices are connected via terminal servers, the attacker can force the devices to revert to an earlier, less secure version of the communication protocol and remotely modify parameters without authorization,” says Elad Luz, head of research at CyberMDX.
Also See: Dashboard helps monitor patients under anesthesia during surgery
When deployed using terminal servers, these manipulations can be performed with no prior knowledge of IP addresses or location of the anesthesia machine.
Consequently, concentration of inspired/expired oxygen, CO2, N20 and anesthetic…
