Publication Date: 2021 March 25
Update Date: 2021 March 25
Philips is a committed leader in medical device cybersecurity. As part of our global Product Security Policy, the company conducts extensive, ongoing analysis of our products, often in collaboration with customers and researchers, to identify and address potential vulnerabilities.
In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding a very low-severity issue related to Philips Gemini PET/CT Family systems (CVSS v3 Score – 2.4 on a scale of 10).
This potential issue is related to storage of information in a file system or device without access control, specific to removable media. Should this issue be exploited, there is a possibility that sensitive information may be accessible by unauthorized parties. This potential vulnerability requires physical access to the removable media to exploit.
To date, Philips has not received any reports of exploitation of these issues or of incidents from clinical use that we have been able to associate with this issue.
Philips is reminding customers that users should operate all Philips deployed and supported Gemini PET/CT systems within Philips authorized specifications, including Philips approved software, software configuration, system services, and security configuration.
Customers with questions regarding their specific Philips Gemini PET/CT installations should contact their Philips support representative, visit the customer service solutions web site at https://www.usa.philips.com/healthcare/solutions/customer-service-solutions, or call 1-800-722-9377.
Publication on Cybersecurity & Infrastructure Security Agency (CISA) website: https://us-cert.cisa.gov/ics/advisories/icsma-21-084-01