Publication Date:  May 17, 2018

Update Date: October 8, 2018

 

Philips is a committed leader in medical device cybersecurity. As part of our global Product Security Policy, the company conducts extensive ongoing analysis of our products, often in collaboration with customers and researchers, to identify and address potential vulnerabilities.

 

As part of Philips’ Responsible Disclosure Policy for the awareness and remediation of identified product security vulnerabilities, the company is proactively issuing an advisory concerning a potential, low-risk security vulnerability that may affect the EncoreAnywhere hosted web application deployed for use with certain Philips Respironics products and limited to the Asia/Pacific region. This potential issue only affects EncoreAnywhere APAC 2.36.3.3 and earlier software versions.

 

Philips has confirmed that the potential security vulnerability, if successfully exploited, may result in unencrypted communication and improper disclosure of sensitive data. This vulnerability could be exploited remotely by an unauthorized user. However, an attacker would require a high level of skill in order to successfully exploit this vulnerability. Vulnerability remediation is planned by September 2018 and was completed at that time.

 

At this time, Philips has received no reports of exploitation of this vulnerability or incidents from clinical use that have been associated with the vulnerability.

 

Philips has reported this potential vulnerability and its resolution to customers and the appropriate government agencies, including ICS-CERT, which is issuing an advisory.

 

Philips recognizes that the security of our healthcare, personal health, and home consumer products and services are business critical for our customers. Philips has taken the lead in creating a Responsible Disclosure Policy, to collaborate with customers, security researchers, regulators and other agencies to help proactively identify, address and disclose potential vulnerabilities in a safe and effective manner.

 

Customers with questions regarding their specific Philips installations are advised by Philips to contact their local Philips service support team or their regional service support.
Philips contact information is available at the following location:

 

https://www.usa.philips.com/healthcare/solutions/customer-service-solutions