Critical, Unpatched ‘MDhex’ Bugs Threaten Hospital Devices


A collection of six cybersecurity vulnerabilities in a range of GE Healthcare devices for hospitals has been discovered. Dubbed “MDhex” by the researchers at CyberMDX who discovered them, the bugs would allow attackers to disable the devices, harvest personal health information (PHI), change alarm settings and alter device functionality.

According to the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which disclosed the bugs on Thursday, the six different design flaws are present in the GE CARESCAPE product line.

Affected products include certain versions of the CARESCAPE Central Information Center (CIC), Apex Telemetry Server/Tower, Central Station (CSCS), Telemetry Server, B450 patient monitor, B650 patient monitor, and B850 patient monitor.

Read more…
Source: ThreatPost