News | Cybersecurity | April 16, 2018

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

Company says it has not received any reports of patient harm from vulnerabilities, but is offering remediation options for its customers

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

April 16, 2018 — Philips Healthcare last week issued a proactive advisory warning to its iSite and IntelliSpace picture archiving and communication system (PACS) customers of potential security vulnerabilities in the products. The company cautioned that while it has received no reports of patient harm, the vulnerabilities in question could impact or potentially compromise patient confidentiality, system integrity and/or system availability.

Philips identified the cybersecurity vulnerabilities, predominantly in third-party components, that if fully exploited may allow low-skill attackers remote entry to the applications. Once inside, any attackers could potentially:

  • Provide unexpected input into the applications;
  • Execute arbitrary code;
  • Alter the intended control flow of the system;
  • Access sensitive information; or
  • Potentially cause a system crash.

The company said its own analysis does not suggest the vulnerabilities would impact clinical use. This is largely due to the fact that IntelliSpace PACS is operated in a managed service environment that adheres to the latest recommendations of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The company also noted that it uses an automated antivirus solution and offers a monthly recurring patch program for IntelliSpace customers.

ICS-CERT released its own advisory that describes the vulnerabilities in further detail. Read the full ICS-CERT advisory here.

Philips is offering customers three potential pathways to address the security vulnerabilities:

  1. Enrolling in the recurring patch program, which Philips said will remediate 86 percent of all known vulnerabilities;
  2. Option 1 plus updating system firmware, which will remediate 87 percent of all known vulnerabilities, including all known critical vulnerabilities;
  3. Option 2 plus upgrading to IntelliSpace PACS 4.4.5x with Windows operating system 2012, which addresses product hardening. Philips said this option will remediate 99.9 percent of all the known vulnerabilities, including all critical vulnerabilities.

Remediation options are provided at no charge for Philips customers on full service delivery model contracts.

For more information: www.usa.philips.com/healthcare

 

Related Content

Sponsored Content | Videos | Artificial Intelligence | February 21, 2020
In Artificial Intelligence at RSNA 2019, ITN Contributing Editor Greg Freiherr offers an overview of artificial intel
Altamont’s zero-footprint solution, CaptureWare, allows Mach7’s Enterprise Imaging Platform (EIP) to ingest more DICOM and/or non-DICOM data from various sources in a facility
News | PACS | February 20, 2020
February 20, 2020 — Mach7 announced its partnership with Altamont
Sponsored Content | Videos | Enterprise Imaging | February 19, 2020
Bill Lacy, vice president, Medical Informatics at FUJIFILM Medic...
Recognized as the “Pulitzer Prize of the business press,” the Jesse H. Neal Award finalists are selected for exhibiting journalistic enterprise, service to the industry and editorial craftsmanship
News | Radiology Business | February 19, 2020
February 19, 2020 — Connectiv, a division of The Software and Information Industry Association (SIIA), has announced
The Candelis ImageGrid Plus PACS Server is an ultra-high-performance platform that can support high volume healthcare environments of 1,000 plus modalities
News | PACS | February 12, 2020
February 12, 2020 — The Candelis ImageGrid Plus...
PaxeraHealth enterprise imaging, PACS, VNA solutions
News | Enterprise Imaging | February 11, 2020
February 11, 2020 — Enterprise Imaging developer PaxeraHealth
An example of artificial intelligence (AI) being developed by Hitachi to automatically review and identify nodules on lung CT scans. This is part of a suite of AI apps Hitachi is developing. This example was being shown as a work in progress at RSNA 2019.

An example of artificial intelligence (AI) being developed by Hitachi to automatically review and identify nodules on lung CT scans. This is part of a suite of AI apps Hitachi is developing. This example was being shown as a work in progress at RSNA 2019. Photo by Dave Fornell.

Feature | Artificial Intelligence | February 07, 2020 | Sanjay Parekh, Ph.D. 
February 7, 2020 – At the 2019 Radiological Society...
Qynapse, a medical technology company, announced that it received U.S. Food and Drug Administration (FDA) 510(k) clearance for its QyScore software
News | Information Technology | February 04, 2020
February 4, 2020 — Qynapse, a medical technology company, anno