One of the earliest advantages of technology was creating tech that could save lives and make illness more manageable. GE Healthcare is a multinational Health Electronics firm based in the United States of America and was founded in 1994.
Recently the company launched some new medical electronics called CARESCAPE Monitor B450 and CARESCAPETM Monitor B850 that were both intended for monitoring patients and it was also easy to move with patients.
CARESCAPET Monitor B450 Features
CARESCAPET Monitor B450 is a monitor that monitors and keeps track of a patient’s acuity and tracks all activities when moving a patient. The equipment is made such that it is not too heavy or bulky to transport with the patient. It is made specifically to be used in cases of emergencies or surgical operations. It also has an option for wireless connection so health workers can access patient information with ease and a multi-parameter module with hemodynamic measurements and one additional single-width measurement module.
Users can set up alarms and reminder systems that go with their needs. It allows easy access to physiological information about patients that assist them in making decisions about treatment faster and uses algorithms and methods that can help doctors with the diagnosis. It can be configured according to the needs of the unit or the number and type of patients using it and the information can be accessed via CARESCAPE Gateway from the HIS/EMR. With this device, both users and medical practitioners will stay connected and it can also be connected to recording devices, printers, etc. for easy patient management.
CARESCAPETM Monitor B850 Features
CARESCAPETM Monitor B850, on the other hand, can monitor respiratory activities and gas and uses Marquette* ECG algorithm with unique adequacy of anesthesia concept for tailored anesthesia. It also allows the connection and data monitoring that CARESCAPETM Monitor B450 does as well and offers clinical intelligence from telemetry, previously medication, laboratory tests results data about cardiology data system among others.
It can also be connected to external viewing devices for the management of data.
Both machines are very easy to use which makes training of staff on it, from experienced to an internship a very easy process. The user interface is also very intuitive and easy to understand. But as amazing and supportive as these machines are, studies have shown that they also have high-risk security issues. According to some studies by the US Cybersecurity and Infrastructure Agency (CISA) some of the issues discovered were that the stored data and credentials were not protected. This meant it could be accessed by any third party.
Also, the validation of inputs was not validated properly and needed extra validation. There are some patient information that should only be accessible to the doctor. Those can on information needed double-step verification which it lacked. The GE Healthcare monitors also had missing authentication systems for very important activities which means that anyone can access those functions and uploaded any documents into the patient database, compromising the integrity of the information in the monitor console. There is no encryption to protect patients’ data and it is easy to hack into.
What these Issues Mean for Patients
All these at a glance may not seem life-threatening, but they are. If the monitors were prey to an attack, devastating changes can easily be made to the device software which will, in turn, change how it works and can be fatal. Alarm and reminder settings can also be tempered with which may make for a missed deadline. Information about patients can also be exposed to the Internet.
One of the most important most sought after things in the health care system after a successful treatment is discretion. That, however, cannot be promised to patients if the software used to treat them is not safe from cyber attacks. Medical information falling into the wrong hands not only violets trust but is also very scary. The errors and vulnerability found in these devices were recovered by a CyberMDX researcher called Elad Luz who then renamed those problems as “MDhex”, to GE and CISA in September 2019. Most of the issues were first discovered in CIC Pro, another GE Healthcare electronic device used by medical workers to store patient cardio data.
The system, when analyzed was running of a version of Webmin that was termed very dangerous and unsafe. When they went on to look at the CARESCAPETM Monitor B850 and CARESCAPETM Monitor B450, they found out some issues with the devices as well. And while both devices are top-notch and do amazing medical work, they cannot be termed safe if they are not immune to cyber-attacks.
These findings were reported back to the GE Healthcare team that worked on the project in 2019. The company promised to release versions that were stronger and less prone to cyber-attacks.