philips Archives - Don Kasprzak

Philips has yet to patch a flaw that allows cybercriminals to inject ransomware or backdoors which can result in PHI at risk of compromise.

The Philips ISCV version 2.x and earlier and Xcelera 4.x and 3.x the servers contain 20 Windows services of which the executables are being present in a folder where authenticated users have write permissions. The services run as a local admin account or local system account, and if a user were to replace one of the executables with a different program, that program too would be executed with local admin or local system permissions.

Philips confirms these vulnerabilities affect their IntelliSpace Cardiovascular system version 2.3.1, 3.1 and earlier. Also impacted are version 4.x and 3.x Xcelera systems (PDF). In ISCV version 3.x and earlier and Xcelera 4.x and 3.x there are 16 Windows services flaws allow hackers to run the computer with local admin rights.

On August 14th, The US Department of Homeland Security’s Industrial Control Systems Emergency Response Team (ICS-CERT) issues two alerts for Philips medical devices: PageWriter and IntelliSpace.
Philips announced plans to patch IntelliSpace by October, roughly 45 days from the DHS announcement.

PageWriter will not be patched until “mid-2019” despite the easier, “low level” threat.

A ten month delay provides more ammunition to cyber criminals to aggressively attack healthcare. Announcing an eight to ten month delay in patching adds confusion into the medical device marketplace. The cybersecurity community expresses the need for clinics, hospitals and health systems that monthly patching is the best way to protect assets from cyber attack. Many medical devices in production at the bedside today remain connected to Windows XP PCs.