News | Cybersecurity | April 16, 2018

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

Company says it has not received any reports of patient harm from vulnerabilities, but is offering remediation options for its customers

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

April 16, 2018 — Philips Healthcare last week issued a proactive advisory warning to its iSite and IntelliSpace picture archiving and communication system (PACS) customers of potential security vulnerabilities in the products. The company cautioned that while it has received no reports of patient harm, the vulnerabilities in question could impact or potentially compromise patient confidentiality, system integrity and/or system availability.

Philips identified the cybersecurity vulnerabilities, predominantly in third-party components, that if fully exploited may allow low-skill attackers remote entry to the applications. Once inside, any attackers could potentially:

  • Provide unexpected input into the applications;
  • Execute arbitrary code;
  • Alter the intended control flow of the system;
  • Access sensitive information; or
  • Potentially cause a system crash.

The company said its own analysis does not suggest the vulnerabilities would impact clinical use. This is largely due to the fact that IntelliSpace PACS is operated in a managed service environment that adheres to the latest recommendations of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The company also noted that it uses an automated antivirus solution and offers a monthly recurring patch program for IntelliSpace customers.

ICS-CERT released its own advisory that describes the vulnerabilities in further detail. Read the full ICS-CERT advisory here.

Philips is offering customers three potential pathways to address the security vulnerabilities:

  1. Enrolling in the recurring patch program, which Philips said will remediate 86 percent of all known vulnerabilities;
  2. Option 1 plus updating system firmware, which will remediate 87 percent of all known vulnerabilities, including all known critical vulnerabilities;
  3. Option 2 plus upgrading to IntelliSpace PACS 4.4.5x with Windows operating system 2012, which addresses product hardening. Philips said this option will remediate 99.9 percent of all the known vulnerabilities, including all critical vulnerabilities.

Remediation options are provided at no charge for Philips customers on full service delivery model contracts.

For more information: www.usa.philips.com/healthcare

 

Related Content

iCAD's ProFound AI Wins Best New Radiology Solution in 2019 MedTech Breakthrough Awards
News | Computer-Aided Detection Software | September 09, 2019
iCAD Inc. announced MedTech Breakthrough, an independent organization that recognizes the top companies and solutions...
A smart algorithm has been trained on a neural network to recognize the appearance of breast cancer in MR images

A smart algorithm has been trained on a neural network to recognize the appearance of breast cancer in MR images. The algorithm, described at the SBI/ACR Breast Imaging Symposium, used deep learning, a form of machine learning, which is a type of artificial intelligence. Image courtesy of Sarah Eskreis-Winkler, M.D.

Feature | Society of Breast Imaging (SBI) | September 06, 2019 | By Greg Freiherr
The use of smart algorithms has the potential to make healthcare more efficient.
Philips and Fujifilm booths at SIIM 2019.

Philips and Fujifilm booths at SIIM 2019.

Feature | SIIM | September 06, 2019 | By Greg Freiherr
Pragmatism from cybersecurity to enterprise imaging was in vogue at the 2019 meeting of the Society of Imaging Inform
Heath information technology diagram showing use of cloud storage.
Feature | Archive Cloud Storage | September 04, 2019 | Tyna Callahan
In healthcare, critical systems are being used to deliver vital information and services 24x7x365.
Global Diagnostics Australia Incorporates AI Into Radiology Applications
News | Artificial Intelligence | September 04, 2019
Global Diagnostics Australia (GDA), a subsidiary of the Integral Diagnostics Group (IDX), has adopted artificial...
The CT scanner might not come with protocols that are adequate for each hospital situation, so at Phoenix Children’s Hospital they designed their own protocols, said Dianna Bardo, M.D., director of body MR and co-director of the 3D Innovation Lab at Phoenix Children’s.

The CT scanner might not come with protocols that are adequate for each hospital situation, so at Phoenix Children’s Hospital they designed their own protocols, said Dianna Bardo, M.D., director of body MR and co-director of the 3D Innovation Lab at Phoenix Children’s.

Sponsored Content | Case Study | Radiation Dose Management | September 04, 2019
Radiation dose management is central to child patient safety. Medical imaging plays an increasing role in the accurate...
New Report Reveals Vulnerabilities of Internet of Things-enabled Healthcare Devices
News | Cybersecurity | August 29, 2019
Use of the Internet of Things (IoT) is booming, with IHS Markit forecasting there will be 73 billion connected devices ...
Royal Solutions and ZipRad Partner to Tackle Order Entry and Pre-authorization
News | Electronic Medical Records (EMR) | August 27, 2019
August 27, 2019 — Medical data delivery company Royal Solutions has partnered with ZipRad to streamline imaging exam
Glassbeam Introduces AI-powered Rules and Alerts Engine for Clinsights
News | Analytics Software | August 23, 2019
Glassbeam Inc. revealed several technology enhancements in its Rules & Alerts engine that make it dramatically...
Sectra Signs Enterprise Imaging Contract With Vanderbilt Health
News | Enterprise Imaging | August 21, 2019
Sectra will install its enterprise imaging picture archiving and communication system (PACS) and vendor neutral archive...