GE HealthCare issues guidance for mitigating 11 security bugs in ultrasound devices

GE Healthcare has published mitigation guidance for its Vivid T9 ultrasound system, following the discovery of 11 vulnerabilities by researchers at Nozomi Networks. The flaws could enable malware installation or unauthorized access to patient data. While there have been no reports of exploitation, seven of the vulnerabilities have high severity scores. Exploitation would require physical access to the device. GE has stressed that existing mitigations and controls are effective and that ultrasound devices, typically located in secure environments, don’t serve as permanent record-keeping systems.