News | Cybersecurity | April 16, 2018

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

Company says it has not received any reports of patient harm from vulnerabilities, but is offering remediation options for its customers

Philips Warns of Cybersecurity Vulnerabilities in IntelliSpace and iSite PACS Products

April 16, 2018 — Philips Healthcare last week issued a proactive advisory warning to its iSite and IntelliSpace picture archiving and communication system (PACS) customers of potential security vulnerabilities in the products. The company cautioned that while it has received no reports of patient harm, the vulnerabilities in question could impact or potentially compromise patient confidentiality, system integrity and/or system availability.

Philips identified the cybersecurity vulnerabilities, predominantly in third-party components, that if fully exploited may allow low-skill attackers remote entry to the applications. Once inside, any attackers could potentially:

  • Provide unexpected input into the applications;
  • Execute arbitrary code;
  • Alter the intended control flow of the system;
  • Access sensitive information; or
  • Potentially cause a system crash.

The company said its own analysis does not suggest the vulnerabilities would impact clinical use. This is largely due to the fact that IntelliSpace PACS is operated in a managed service environment that adheres to the latest recommendations of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The company also noted that it uses an automated antivirus solution and offers a monthly recurring patch program for IntelliSpace customers.

ICS-CERT released its own advisory that describes the vulnerabilities in further detail. Read the full ICS-CERT advisory here.

Philips is offering customers three potential pathways to address the security vulnerabilities:

  1. Enrolling in the recurring patch program, which Philips said will remediate 86 percent of all known vulnerabilities;
  2. Option 1 plus updating system firmware, which will remediate 87 percent of all known vulnerabilities, including all known critical vulnerabilities;
  3. Option 2 plus upgrading to IntelliSpace PACS 4.4.5x with Windows operating system 2012, which addresses product hardening. Philips said this option will remediate 99.9 percent of all the known vulnerabilities, including all critical vulnerabilities.

Remediation options are provided at no charge for Philips customers on full service delivery model contracts.

For more information: www.usa.philips.com/healthcare

 

Related Content

News | Artificial Intelligence | November 15, 2018
Life Image and Mendel.ai announced a new strategic partnership that will facilitate the adoption and enhancement of...
News | Enterprise Imaging | November 14, 2018
Konica Minolta Healthcare Americas Inc. will showcase new features and tools for the Exa Enterprise Imaging platform at...
Artificial Intelligence Predicts Alzheimer's Years Before Diagnosis
News | Neuro Imaging | November 14, 2018
Artificial intelligence (AI) technology improves the ability of brain imaging to predict Alzheimer’s disease, according...
MDW Unveils First Radiology Blockchain Platform at RSNA 2018
News | Radiology Business | November 13, 2018
Medical Diagnostic Web (MDW) will debut the first radiology blockchain platform designed to connect all players in the...
Subtle Medical Showcases Artificial Intelligence for PET, MRI Scans at RSNA 2018
News | Artificial Intelligence | November 13, 2018
At the 2018 Radiological Society of North America annual meeting (RSNA 2018), Nov. 25-30 in Chicago, Subtle Medical...
ContextVision Introduces AI-Powered Image Enhancement for Digital Radiography
Technology | Artificial Intelligence | November 09, 2018
With the integration of deep learning technology, ContextVision takes digital radiography to new levels with its latest...
Ambra Health Launches Mobile App for Instant Medical Image Access
Technology | Mobile Devices | November 09, 2018
Ambra Health announced the launch of its first iOS mobile app for healthcare providers and patient access. Designed...
Figure 1

Figure 1

Feature | Information Technology | November 09, 2018 | By Jef Williams and Laurie Lafleur
Every year in late November tens of thousands of diagnostic imaging professionals from all over the globe descend upon...
Sponsored Content | Videos | Information Technology | November 08, 2018
Deployed on Microsoft Azure, GE Healthcare’s iCenter is a secure, cloud-based tool that provides visibility to asset