Vulnerabilities on GE HealthCare Vivid Ultrasound Could Result in Ransomware and Data Manipulation

Nozomi Networks Labs has found 11 vulnerabilities in GE HealthCare’s Vivid Ultrasound systems and related software. If exploited, these flaws could allow hackers to implant ransomware on the ultrasound machines or access and manipulate patient data stored on these devices. However, physical interaction with the device is needed for an attack. GE HealthCare has provided patches and mitigations for the vulnerabilities and Nozomi has shared detection strategies and identification of affected components with its customers.