Royal Philips recently released information on possible vulnerabilities in its iSite and IntelliSpace picture archiving and communications system, warning that the vulnerabilities could compromise patient confidentiality and system integrity. The Amsterdam-based company said that under specific conditions, vulnerabilities it identified could impact or potentially compromise patient confidentiality, system integrity and/or, system availability.
Philips goes on to say that after fully analyzing the issues, the vulnerabilities could allow low-skill attackers to provide unexpected input into the application, execute arbitrary code, and alter the control flow. Attackers could also access sensitive information and potentially cause system crashes from a remote location. The company said it has received no reports of patient harm related to the vulnerabilities and that it is unlikely the vulnerability would impact clinical use due to mitigating controls it has in place. Philips added that it has received no complaints involving clinical use associated with the issues. Philips provided solutions to the vulnerabilities, including enrolling in its recurring patching program and updating system firmware. – MassDevice