News | Cybersecurity | April 16, 2018

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

Company says it has not received any reports of patient harm from vulnerabilities, but is offering remediation options for its customers

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

April 16, 2018 — Philips Healthcare last week issued a proactive advisory warning to its iSite and IntelliSpace picture archiving and communication system (PACS) customers of potential security vulnerabilities in the products. The company cautioned that while it has received no reports of patient harm, the vulnerabilities in question could impact or potentially compromise patient confidentiality, system integrity and/or system availability.

Philips identified the cybersecurity vulnerabilities, predominantly in third-party components, that if fully exploited may allow low-skill attackers remote entry to the applications. Once inside, any attackers could potentially:

  • Provide unexpected input into the applications;
  • Execute arbitrary code;
  • Alter the intended control flow of the system;
  • Access sensitive information; or
  • Potentially cause a system crash.

The company said its own analysis does not suggest the vulnerabilities would impact clinical use. This is largely due to the fact that IntelliSpace PACS is operated in a managed service environment that adheres to the latest recommendations of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The company also noted that it uses an automated antivirus solution and offers a monthly recurring patch program for IntelliSpace customers.

ICS-CERT released its own advisory that describes the vulnerabilities in further detail. Read the full ICS-CERT advisory here.

Philips is offering customers three potential pathways to address the security vulnerabilities:

  1. Enrolling in the recurring patch program, which Philips said will remediate 86 percent of all known vulnerabilities;
  2. Option 1 plus updating system firmware, which will remediate 87 percent of all known vulnerabilities, including all known critical vulnerabilities;
  3. Option 2 plus upgrading to IntelliSpace PACS 4.4.5x with Windows operating system 2012, which addresses product hardening. Philips said this option will remediate 99.9 percent of all the known vulnerabilities, including all critical vulnerabilities.

Remediation options are provided at no charge for Philips customers on full service delivery model contracts.

For more information: www.usa.philips.com/healthcare

 

Related Content

Seamless Interoperability – Fact or Fiction? This webinar will show how Nemours Children’s Health System adoption of ScImage’s PICOM365 Enterprise PACS  improved workflow. The product will be highlighted at HIMSS 2019.
Sponsored Content | Webinar | PACS | January 17, 2019
This ScImage-sponsored ITN/DAIC webinar will be held at 2 p.m. Eastern time, Wednesday, Feb. 6, 2019.
NewYork-Presbyterian Hospital Partners With Philips for Health IT and Clinical Informatics
News | Enterprise Imaging | January 16, 2019
Philips announced that NewYork-Presbyterian Hospital has chosen to implement the company’s IntelliSpace Enterprise...
AI Approach Outperformed Human Experts in Identifying Cervical Precancer
News | Digital Pathology | January 10, 2019
January 10, 2019 — A research team led by investigators from the National Institutes of Health and Global Good has de
Artificial intelligence, also called deep learning and machine learning, was the hottest topic at the 2018 Radiological Society of North America (RSNA)) meeting.

Artificial intelligence was the hottest topic at the 2018 Radiological Society of North America (RSNA)) meeting, which included a large area with its own presentation therater set asside for AI vendors.

Feature | Artificial Intelligence | January 10, 2019 | Dave Fornell, Editor
Hands down, the hottest topic in radiology the past two years has been the implementation of...
Pacific Northwest VA Network Selects Carestream as Enterprise PACS Supplier
News | PACS | January 08, 2019
Carestream has been awarded a multimillion-dollar healthcare information technology (IT) contract for Veterans Affairs...
Sponsored Content | Videos | Flat Panel Displays | December 25, 2018
EIZO, which means image in Japanese, is a visual technology company that develops and manufactures high-end display s
Videos | Artificial Intelligence | December 21, 2018
Enhao Gong, Ph.D., founder of Subtle Medical, an artificial intelligence (AI) company that develops products to help
IMS Announces Integration of Cloud Image Viewing Platform With Google Cloud
News | Archive Cloud Storage | December 20, 2018
International Medical Solutions (IMS) recently announced it will provide Google Cloud account users with the ability to...
Infinitt Showcases New RIS/PACS Features at RSNA 2018
News | PACS | December 19, 2018
Infinitt North America highlighted a range of healthcare information technology (IT) products and applications at the...