On August 14th, The US Department of Homeland Security’s Industrial Control Systems Emergency Response Team (ICS-CERT) issues two alerts for Philips medical devices: PageWriter and IntelliSpace.
Philips announced plans to patch IntelliSpace by October, roughly 45 days from the DHS announcement.
PageWriter will not be patched until “mid-2019” despite the easier, “low level” threat.
A ten month delay provides more ammunition to cyber criminals to aggressively attack healthcare. Announcing an eight to ten month delay in patching adds confusion into the medical device marketplace. The cybersecurity community expresses the need for clinics, hospitals and health systems that monthly patching is the best way to protect assets from cyber attack. Many medical devices in production at the bedside today remain connected to Windows XP PCs.