Philips warns of potential security vulnerabilities in some ultrasound software

Royal Philips issued a security alert on Wednesday, warning customers of possible vulnerabilities in its ultrasound software.

The Amsterdam-based imaging giant cautioned that unauthorized personnel may be able to bypass authentication protocols but labeled the security risk as “low severity.” Customers have not reported any instances of hackers using this weakness to affect clinical care.

“This potential issue requires local access to an affected system and a high skill level to exploit,” the company wrote June 24, noting that the only of such hacking would be the enabling of features not included with system purchase. “Philips’ analysis indicates that this is not a device safety issue, and there is no expectation of patient hazard,” it added later.

The warning applies only to its Ultrasound ClearVue versions 3.2 and prior, Ultrasound CX versions 5.0.2 and prior, Ultrasound EPIQ and Affiniti versions VM5.0 and prior, Ultrasound Sparq version 3.0.2 and prior, and Ultrasound Xperius.

Philips said it is working to release software updates to address this vulnerability across all of the aforementioned systems. In the meantime, it recommends making sure that servicers can “guarantee installed device integrity” during their repair operations.