Royal Philips received a cybersecurity vulnerability notice from the U.S. Cyber Security & Infrastructure Security Agency (CISA) for its e-Alert MRI system monitoring platform, where exploitation of the vulnerability may allow for remote shutdown of the system.
CISA called attention to the e-Alert MRI system monitoring platform (version 2.7 and prior) and a potential vulnerability related to “missing authentication for critical function.”
According to the CISA notice, successful exploitation of the vulnerability — in which the software does not perform any authentication for critical system functionality — could allow an unauthorized actor to remotely shut down the system if on the healthcare facility’s network.
Philips plans a new release to remediate the vulnerability before July 2022. For interim mitigation to the vulnerability, Philips recommends that users operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls, with only authorized personnel permitted to access the network and devices connected to it.
Read the full article at Mass Device.