Severe Vulnerabilities in GE Healthcare Devices

21 - 28 January 2020

Security researchers have discovered critical vulnerabilities in GE medical devices that lets hackers assume full control or render the devices unusable.

Security researchers have discovered six critical vulnerabilities in medical devices from GE Healthcare that lets hackers assume full control or render the devices unusable. Five vulnerabilities received a 10 out of 10 severity rating on the Common Vulnerability Scoring System, while the final one has a rating of 8.5. The affected products – GE CARESCAPE Patient Monitors, ApexPro telemetry (server/tower) systems, and Clinical Information Center (CIC) Pro systems – are used to view real-time physiological data and waveforms collected over the local network from patient monitors. GE is currently working on patches for the vulnerabilities and has recommended applying network segregation measures to restrict access to vulnerable devices.


ICS Advisory (ICSMA-20-023-01): GE CARESCAPE, ApexPro, and Clinical Information Center Systems

MDhex: The Story Behind the Story

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence