Publication Date: 2021 July 5
Update Date: 2021 July 5
Philips is aware and currently monitoring supply chain attack affecting Kaseya VSA, a remote management and network monitoring product. We are aware of the attack, which has been leveraged to deploy ransomware to networks which utilize Kaseya VSA. The variant of ransomware deployed is REvil/Sodinokibi. Preliminary details about the activity suggest that VSA admin accounts are disabled shortly before ransomware is deployed.
Philips is not leveraging Kaseya VSA in its Remote Service access (PRS) to our customers and until now no products have been identified leveraging this technology. We continue to evaluate all our products and if we identify any products or services affected we will publish this here.
As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Microsoft Operating Systems for potential impacts from these reported vulnerability and validating actions. Philips is also monitoring for OS updates related to this vulnerability and evaluating further possible actions as needed.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation is produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. If customers still have questions, all customers (contract-entitled or otherwise) are encouraged to contact their local service support team or regional product service support as appropriate for up to date information specific to their Philips’ products.