Article 5BCT4 GE puts default password in radiology devices, leaving healthcare networks exposed

by Dan Goodin
from Ars Technica - All content on (#5BCT4)
Dozens of radiology products from GE Healthcare contain a critical vulnerability that threatens the networks of hospitals and other health providers that use the devices, officials from the US government and a private security firm said on Tuesday.

The devices, used for CT scans, MRIs, X-Rays, mammograms, ultrasounds, and positron emission tomography, use a default password to receive regular maintenance. The passwords are available to anyone who knows where on the Internet to look. A lack of proper access restrictions allows the devices to connect to malicious servers rather than only those designated by GE Healthcare. Attackers can exploit these shortcomings by abusing the maintenance protocols to access the devices. From there, the attackers can execute malicious code or view or modify patient data stored on the device or the hospital or healthcare provider servers.

Aggravating matters, customers can't fix the vulnerability themselves. Instead, they must request that the GE Healthcare support team change the credentials. Customers who don't make such a request will continue to rely on the default password. Eventually, the device manufacturer will provide patches and additional information.
