MDhex vulnerabilities open GE Healthcare patient monitoring devices to attackers
Six critical and high-risk vulnerabilities have been discovered by researchers in patient monitoring devices manufactured by GE Healthcare. The vulnerabilities, collectively named MDhex, allow an attacker to make changes at the devices’ OS-level that could harm the patient through rendering the device unusable or interfering with its functions.
Alarm settings on connected patient monitors and utilize services used for remote viewing can be altered by an attacker due to the vulnerabilities. This could lead to missed, unnecessary, or silenced alarms. The critical flaws could lead to significant patient harm or even death. Patches have not been released as of now.