Flaws in Philips Patient Monitoring Products Can Lead to Patient Data Exposure
A total of eight security issues have been identified in Philips patient monitoring solutions that could potentially lead to threat actors accessing sensitive patient data without authorization. Although the severity ratings of the flaws range from medium to low, the Cybersecurity and Infrastructure Security Agency (CISA) warns that a low-skilled attacker could potentially exploit the flaws collectively to achieve compromisation of the Philips patient monitoring solutions. This could include interrupted monitoring, collection of access information, and unauthorized access to the device.
The security flaws were uncovered by researchers with ERNW participating in a program supervised by German Information Security forces. The vulnerabilities affect IntelliVue Patient Monitor systems, Patient Information Center iX software, and PerformanceBridge Focal Point. The project has been named ManiMed, and its findings will be released in December.