FDA Identifies Cybersecurity Risks Associated With Widely-Used Patient Monitoring Device

A recent U.S. Food and Drug Administration (FDA) announcement cautions healthcare organizations and providers “about cybersecurity vulnerabilities identified for certain GE Healthcare Clinical Information Central Stations and Telemetry Servers.” The agency says these devices, primarily used to display patient information and monitor patient status, are at risk of remote attacks that take “control of the device to silence alarms, generate false alarms or interfere with the function of patient monitors connected to these devices.” Furthermore, these devices may interpret an attack as “normal or routine network communications,” leaving it undetected and “invisible to existing security measures.”

To address these vulnerabilities, the FDA advises facilities “to segregate the network connecting the patient monitors with the affected GE Healthcare Clinical Information Central Stations and Telemetry Servers from the rest of the hospital network.” Additionally, the agency recommends use of “firewalls, segregated networks, virtual private networks, network monitors, or other technologies that minimize the risk of remote or local network attacks.”

Click here to read the FDA’s complete guidance on reducing cybersecurity risks. 

MLMIC also offers a number of resources that can help policyholders mitigate cybersecurity threats: