FDA Has Issued a Cybersecurity Warning on Some GE Medical Equipment

On Thursday the Food and Drug Administration (FDA) released a warning to health-care providers, facilities and consumers regarding a vulnerability in certain electronic health-care data equipment that is made by General Electric.

The release said that this flaw could allow a person to tamper with the devices to “silence alarms, generate false alarms and interfere with alarms of patient monitors connected to these devices.”

The FDA said it was not aware of any “adverse events” related to the vulnerabilities. A third-party cybersecurity firm found the flaws.

The FDA also said the flaw affects some GE health-care Clinical Information Central Stations and Telemetry Servers.

The machines are used for monitoring blood pressure, heart rate, temperature and patient status, and are typically located in the central part of a facility, “such as a nurse’s station,” the FDA explained.

GE is working on a solution. The company has advised facility owners to segregate the equipment from the wider hospital network, restrict access to the stations to those required to use them for work, change default passwords on the devices and create firewalls to block any incoming internet traffic.

Disclaimer: We have no position in General Electric Company (NYSE: GE) and have not been compensated for this article.