News | Cybersecurity | April 16, 2018

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

Company says it has not received any reports of patient harm from vulnerabilities, but is offering remediation options for its customers

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

April 16, 2018 — Philips Healthcare last week issued a proactive advisory warning to its iSite and IntelliSpace picture archiving and communication system (PACS) customers of potential security vulnerabilities in the products. The company cautioned that while it has received no reports of patient harm, the vulnerabilities in question could impact or potentially compromise patient confidentiality, system integrity and/or system availability.

Philips identified the cybersecurity vulnerabilities, predominantly in third-party components, that if fully exploited may allow low-skill attackers remote entry to the applications. Once inside, any attackers could potentially:

  • Provide unexpected input into the applications;
  • Execute arbitrary code;
  • Alter the intended control flow of the system;
  • Access sensitive information; or
  • Potentially cause a system crash.

The company said its own analysis does not suggest the vulnerabilities would impact clinical use. This is largely due to the fact that IntelliSpace PACS is operated in a managed service environment that adheres to the latest recommendations of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The company also noted that it uses an automated antivirus solution and offers a monthly recurring patch program for IntelliSpace customers.

ICS-CERT released its own advisory that describes the vulnerabilities in further detail. Read the full ICS-CERT advisory here.

Philips is offering customers three potential pathways to address the security vulnerabilities:

  1. Enrolling in the recurring patch program, which Philips said will remediate 86 percent of all known vulnerabilities;
  2. Option 1 plus updating system firmware, which will remediate 87 percent of all known vulnerabilities, including all known critical vulnerabilities;
  3. Option 2 plus upgrading to IntelliSpace PACS 4.4.5x with Windows operating system 2012, which addresses product hardening. Philips said this option will remediate 99.9 percent of all the known vulnerabilities, including all critical vulnerabilities.

Remediation options are provided at no charge for Philips customers on full service delivery model contracts.

For more information: www.usa.philips.com/healthcare

 

Related Content

HHS Extends Comment Period for Proposed Electronic Health Information Interoperability Rules
News | Electronic Medical Records (EMR) | April 19, 2019
The U.S. Department of Health and Human Services (HHS) is extending the public comment period by 30 days for two...
In a demonstration on the exhibit floor of the SBI symposium, Koios software identified suspicious lesions in ultrasound images

In a demonstration on the exhibit floor of the SBI symposium, Koios software identified suspicious lesions in ultrasound images. Photo by Greg Freiherr

Feature | Artificial Intelligence | April 19, 2019 | By Greg Freiherr
Commercial efforts to develop...
Atrium Health Debuts Amazon Alexa Skill to Help Patients Access Medical Care
News | Artificial Intelligence | April 18, 2019
Atrium Health patients will now be able to use Amazon’s electronic voice system Alexa to not only locate the nearest...
Oxipit Introduces Multilingual Support for ChestEye AI Imaging Suite
News | Artificial Intelligence | April 16, 2019
The CE-certified ChestEye artificial intelligence (AI) imaging suite by Oxipit is now available in seven European...
iCAD Appoints Stacey Stevens as President
News | Radiology Business | April 16, 2019
iCAD Inc. recently announced that Stacey Stevens has been named president. As president, Stevens will have expanded...
compressed breast during mammography.
360 Photos | 360 View Photos | April 16, 2019
A 360 view of a simulated breast compression for a...
Radiology Publishes Roadmap for AI in Medical Imaging
News | Artificial Intelligence | April 16, 2019
In August 2018, a workshop was held at the National Institutes of Health (NIH) in Bethesda, Md., to explore the future...
Cambridge University Hospitals NHS Foundation Trust Implements Change Healthcare Enterprise Imaging
News | Enterprise Imaging | April 15, 2019
Change Healthcare successfully implemented its Radiology PACS (picture archiving and communication system), Image...