Recall – Anesthesia delivery system cyber-security vulnerability

Company: GE Healthcare, LLC
Date of Enforcement Report: 12/25/2019
Class II

PRODUCT

Aestiva MRI, Model Numbers: a) 1006-9310-000 b) 1006-9110-000 c) 1006-9023-000 d) 1006-9028-000 e) 1006-9310-000-305077 f) 1006-9310-000-015243 g) 1006-9310-000-017602 h) 1006-9310-000-103785 I) 1006-9310-000-025109 j) 1006-9310-000-009650 k) 1006-9310-000-015224 l) 1006-9310-000-031881 m) 1006-9310-000-031854 n) 1006-9310-000-026571

  • Recall Number: Z-0114-2020

REASON

Certain Aespire and Aestiva Anesthesia Systems were noted to have a vulnerability to a cyber-attack when connected to the hospital network. An insufficiently secured terminal server may provide an opportunity for a malicious actor that has already penetrated the hospital network to send fraudulent flow sensor correction parameters.

RECALLING FIRM/MANUFACTURER

GE Healthcare, LLC on 7/19/2019. Voluntary:  Firm Initiated recall is ongoing.

VOLUME OF PRODUCT IN COMMERCE

502 devices

DISTRIBUTION

U.S. Nationwide and International

SoftwareCPR Training Courses:

IEC 62304 and other Emerging Standards Impacting Medical Device Software

Being Agile & Yet Compliant

ISO 14971 SaMD Risk Management

Software Risk Management

Medical Device Cybersecurity

Software Verification

IEC 62366 Usability Process and Documentation

Or just email training@softwarecpr.com for more info.

Corporate Office

15148 Springview St.
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN, TX) and Canada.