Philips and the U.S. Cybersecurity and Infrastructure Agency (CISA) have issued a security advisory about potential vulnerabilities associated with older versions of the vendor’s Vue PACS software.
The company said in its advisory that a security vulnerability was found in Vue PACS versions prior to 12.2.8.410.
“Successful exploitation of these vulnerabilities may allow unauthorized persons or processes to adversely affect the confidentiality, integrity, or availability of a system by eavesdropping, viewing or modifying data, accessing the system, executing code, installing unauthorized software, or affecting the integrity of system data,” CISA wrote in its cybersecurity advisory.
To date, Philips has not received any reports of patient harm, misuse of these issues or incidents from clinical use related to these issues.
Most of the vulnerabilities were addressed in version 12.2.8.400, which was released in August 2023. Another update, version 12.2.8.410, also addressed another specific vulnerability that could affect system availability. The company has provided mitigation strategies for users who have not completed these software upgrades.
Philips recommends configuring your Vue PACS environment according to 8G7607 – Vue PACS User Guide Rev G, available on InCenter. Philips recommends configuring your Vue PACS environment according to D000763414 – Vue_PACS_12_Ports_Protocols_Services_Guide, available on InCenter.
Source link
