Cybersecurity Vulnerabilities – GE Healthcare Clinical Information System

FDA is raising awareness among health care providers and facility staff that cybersecurity vulnerabilities in certain GE Healthcare Clinical Information Central Stations and Telemetry Servers may introduce risks to patients while they are being monitored. Per the FDA notice:

“A security firm has identified several vulnerabilities in certain GE Healthcare Clinical Information Center workstations and Telemetry Servers, that may allow an attacker to remotely take control of the medical device and to silence alarms, generate false alarms and interfere with the function of patient monitors connected to these devices.

These devices are used mostly in healthcare facilities for displaying patient information, such as the physiologic parameters (such as temperature, heartbeat, blood pressure) of a patient, and monitoring patient status from a central location in a facility, such as a nurse’s workstation. To date, the FDA is not aware of any adverse events related to these vulnerabilities.

These vulnerabilities might allow an attack to happen undetected and without user interaction. Because an attack may be interpreted by the affected device as normal network communications, it may remain invisible to existing security measures.”

Read more about cybersecurity vulnerabilities with the GE Healthcare Clinical Information System at the FDA Safety Communication link:  http://s2027422842.t.en25.com/e/er?utm_campaign=2020-01-23%20CDRH%20Safety%20Comm%20–%20Cybersecurity%20Vulnerabilities%20-%20GE%20Healthcare&utm_medium=email&utm_source=Eloqua&s=2027422842&lid=11423&elqTrackId=350B6FE7F1138908671E66C02729063B&elq=5c0ea9105d074030a646873da7c39a4a&elqaid=10981&elqat=1


About the author

Brian Pate helps medical device companies achieve efficient and FDA regulatory compliant product development to produce higher quality and clinically valued software. He began his career in clinical research in 1985 with the Department of Anesthesiology at UAB developing closed-loop control systems for the automated delivery of gases and control. In 1990, he made the switch from university research to the medical device industry designing control systems, communication interfaces, user interface, and other software for real-time embedded systems and clinical information systems, working for medical device companies including Johnson & Johnson, Baxter Healthcare, and GE Medical. Today, he is a Partner and the General Manager of Crisis Prevention and Recovery LLC (dba SoftwareCPR®), a general-purpose regulatory consulting firm that is recognized globally for their expertise with standards and national regulations pertaining to medical device, mobile medical app, and HealthIT software. He has taught the AAMI/FDA course on Software Regulation to FDA Reviewers at FDA and is currently the lead faculty for the public version of that course taught annually along with FDA staff. Brian served on the AAMI/FDA TIR working group that created AAMI TIR32 Guidance on the application of ISO 14971 to Software (later superseded by IEC 80002-1). He later served on the original AAMI/FDA working group that created the AAMI TIR45-2012 TIR Guidance on the use of Agile practices in the development of medical device software and is currently the co-chair leading the creation of the 2nd edition of TIR45. He has served as faculty for all offerings of the AAMI/FDA Compliant Use of Agile Methods public course. Brian also served as an instructor for the AAMI Design Controls course. He is also a member of the Underwriters’ Laboratories Standards Technical Panel 5500, Remote Software Updates. He now serves as a member of the AAMI Software Committee.
