News | Cybersecurity | April 16, 2018

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

Company says it has not received any reports of patient harm from vulnerabilities, but is offering remediation options for its customers

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

April 16, 2018 — Philips Healthcare last week issued a proactive advisory warning to its iSite and IntelliSpace picture archiving and communication system (PACS) customers of potential security vulnerabilities in the products. The company cautioned that while it has received no reports of patient harm, the vulnerabilities in question could impact or potentially compromise patient confidentiality, system integrity and/or system availability.

Philips identified the cybersecurity vulnerabilities, predominantly in third-party components, that if fully exploited may allow low-skill attackers remote entry to the applications. Once inside, any attackers could potentially:

  • Provide unexpected input into the applications;
  • Execute arbitrary code;
  • Alter the intended control flow of the system;
  • Access sensitive information; or
  • Potentially cause a system crash.

The company said its own analysis does not suggest the vulnerabilities would impact clinical use. This is largely due to the fact that IntelliSpace PACS is operated in a managed service environment that adheres to the latest recommendations of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The company also noted that it uses an automated antivirus solution and offers a monthly recurring patch program for IntelliSpace customers.

ICS-CERT released its own advisory that describes the vulnerabilities in further detail. Read the full ICS-CERT advisory here.

Philips is offering customers three potential pathways to address the security vulnerabilities:

  1. Enrolling in the recurring patch program, which Philips said will remediate 86 percent of all known vulnerabilities;
  2. Option 1 plus updating system firmware, which will remediate 87 percent of all known vulnerabilities, including all known critical vulnerabilities;
  3. Option 2 plus upgrading to IntelliSpace PACS 4.4.5x with Windows operating system 2012, which addresses product hardening. Philips said this option will remediate 99.9 percent of all the known vulnerabilities, including all critical vulnerabilities.

Remediation options are provided at no charge for Philips customers on full service delivery model contracts.

For more information: www.usa.philips.com/healthcare

 

Related Content

Building on its commitment to providing customers with artificial intelligence (AI) solutions that can be utilized across modalities in routine care, Canon Medical Systems USA, Inc. is partnering with Zebra Medical Vision to offer its AI1 automated imaging analysis solutions to help clinicians in the U.S. provide faster, accurate diagnoses for optimized patient care
News | Artificial Intelligence | August 11, 2020
August 11, 2020 — Building on its commitment to providing customers with...
SyntheticMR announced its imaging software SyMRI is compatible with additional scanners from Siemens Healthineers on the US market, including 1.5T scanners such as Magnetom Altea, Sola and Sola Fit, as well as 3T scanners such as MAGNETOM Skyra and Prisma.
News | Information Technology | August 11, 2020
August 11, 2020 — SyntheticMR announced its imaging softwar
Intelerad Medical Systems, a leader in enterprise workflow solutions, announced the acquisition of Radius, a private cloud platform provider based in the Nashville, Tenn., metropolitan area.
News | Enterprise Imaging | August 05, 2020
August 5, 2020 — Intelerad Medical Systems, a leader in enterprise workflow solutions, announced the acquisition of
Keeping the health and safety of of the HIMSS audience in mind, the conference moves to August 9-13 in Las Vegas
News | HIMSS | August 03, 2020
August 3, 2020 —  The Healthcare Informatio...
Candelis, Inc., a leading provider of innovative and cost-effective enterprise healthcare solutions, and VasoTechnololgy, a subsidiary of the Vaso Corporation, announced an agreement to distribute Candelis' suite of image management PACS solutions and cloud services, including ImageGrid, ImageGrid Mini PACS and ASTRA Cloud.
News | Enterprise Imaging | July 29, 2020
July 29, 2020 — Candelis, Inc., a leading provider of innovative and cost-effective enterprise healthcare solutions,
Clearing medical device cybersecurity requirements from DoD delivers even more safety assurance for customers
News | Cybersecurity | July 23, 2020
July 23, 2020 — Carestream Health’s ImageView software has received the Risk Management Framework Authority to Operat