Publication Date:  June 5, 2018

Update Date: June 5, 2018


Philips is a committed leader in medical device cybersecurity. As part of our global Product Security Policy, the company conducts extensive ongoing analysis of our products, often in collaboration with customers and researchers, to identify and address potential vulnerabilities.


As part of Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of potential system security vulnerabilities, the company is proactively issuing an advisory concerning potential security vulnerabilities that may affect the Philips IntelliVue Patient and Avalon Fetal Monitors.


Philips has confirmed three potential security vulnerabilities. The first, if successfully exploited, may allow an unauthenticated attacker within the same subnet to write to memory on an attacker-chosen device (a “write-what-where” condition, in which both the value written and the address it is written to are attacker controlled). The second, if successfully exploited, may allow an unauthenticated attacker within the same subnet to read memory from an attacker-chosen device. The third exposes an “echo” service: a buffer sent by an attacker within the same subnet to an attacker-chosen device is copied onto the stack with no bounds check, which can result in a stack-based buffer overflow. If exploited, these vulnerabilities may allow an attacker to read or write device memory and/or induce a denial of service through a system restart, potentially delaying the diagnosis and treatment of patients.
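The third issue, an echo handler that copies a received buffer onto the stack without checking it against the buffer's size, is a well-known pattern. The C below is an added illustration of that pattern beside its bounded form; it is not Philips code and nothing in it describes the monitors' actual protocol. The wire format (a two-byte big-endian length prefix followed by payload), the 64-byte reply buffer and all function names are assumptions made for the example. To keep the demonstration deterministic, the stack frame is modelled as a flat array whose last eight bytes stand in for the saved return address, so the overwrite can be observed without corrupting the real stack.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed (hypothetical) echo datagram: 2-byte big-endian length, then payload. */
#define ECHO_MAX    64     /* size of the reply buffer on the modelled stack  */
#define RET_SLOT     8     /* bytes that stand in for the saved return address */
#define CANARY_BYTE 0xAA   /* fill value so an overwrite of RET_SLOT is visible */

/* Modelled stack frame: reply buffer followed directly by the return slot. */
struct frame {
    uint8_t mem[ECHO_MAX + RET_SLOT];
};

static void frame_init(struct frame *f)
{
    memset(f->mem, 0, ECHO_MAX);
    memset(f->mem + ECHO_MAX, CANARY_BYTE, RET_SLOT);
}

/* 1 if the modelled saved return address is untouched, 0 if it was overwritten. */
static int ret_slot_intact(const struct frame *f)
{
    for (size_t i = 0; i < RET_SLOT; i++)
        if (f->mem[ECHO_MAX + i] != CANARY_BYTE) return 0;
    return 1;
}

/* Declared payload length from the header, or -1 if no full header arrived. */
static int declared_len(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 2) return -1;
    return (pkt[0] << 8) | pkt[1];
}

/* VULNERABLE pattern: copies as many bytes as were received, bounded by the
 * datagram but never by the size of the reply buffer. A 72-byte payload runs
 * off the end of the 64-byte buffer and into the return slot. (The copy is
 * clamped to the model's array only so the demo stays within defined C; a real
 * device would keep writing up the stack.) Returns bytes copied. */
static size_t echo_unchecked(struct frame *f, const uint8_t *pkt, size_t pkt_len)
{
    int n = declared_len(pkt, pkt_len);
    if (n < 0 || (size_t)n > pkt_len - 2) return 0;   /* malformed datagram */
    size_t len = (size_t)n;
    if (len > sizeof f->mem) len = sizeof f->mem;     /* model boundary only */
    memcpy(f->mem, pkt + 2, len);                     /* no check against ECHO_MAX */
    return len;
}

/* HARDENED form: rejects any payload larger than the reply buffer before the
 * copy, so the return slot can never be reached. Returns bytes copied, or 0
 * when the datagram is malformed or oversized (a real handler would log and drop). */
static size_t echo_checked(struct frame *f, const uint8_t *pkt, size_t pkt_len)
{
    int n = declared_len(pkt, pkt_len);
    if (n < 0 || (size_t)n > pkt_len - 2) return 0;
    if ((size_t)n > ECHO_MAX) return 0;               /* the missing bounds check */
    memcpy(f->mem, pkt + 2, (size_t)n);
    return (size_t)n;
}

/* Build a constructed sample datagram with `payload_len` bytes of `fill`. */
static size_t build_echo(uint8_t *pkt, size_t cap, size_t payload_len, uint8_t fill)
{
    if (payload_len > 0xFFFF || cap < 2 + payload_len) return 0;
    pkt[0] = (uint8_t)(payload_len >> 8);
    pkt[1] = (uint8_t)(payload_len & 0xFF);
    memset(pkt + 2, fill, payload_len);
    return 2 + payload_len;
}

typedef size_t (*echo_fn)(struct frame *, const uint8_t *, size_t);

/* Feed one constructed datagram to a handler; returns bytes the handler copied. */
static size_t copied(echo_fn handler, size_t payload_len)
{
    uint8_t pkt[2 + ECHO_MAX + RET_SLOT];
    struct frame f;
    size_t n = build_echo(pkt, sizeof pkt, payload_len, 0x41);
    frame_init(&f);
    return handler(&f, pkt, n);
}

/* Same, but returns 1 if the modelled return slot survived and 0 if it was clobbered. */
static int survives(echo_fn handler, size_t payload_len)
{
    uint8_t pkt[2 + ECHO_MAX + RET_SLOT];
    struct frame f;
    size_t n = build_echo(pkt, sizeof pkt, payload_len, 0x41);
    frame_init(&f);
    handler(&f, pkt, n);
    return ret_slot_intact(&f);
}

int main(void)
{
    printf("unchecked, 16-byte payload: return slot %s\n", survives(echo_unchecked, 16) ? "intact" : "CLOBBERED");
    printf("unchecked, 72-byte payload: return slot %s\n", survives(echo_unchecked, 72) ? "intact" : "CLOBBERED");
    printf("checked,   72-byte payload: return slot %s\n", survives(echo_checked, 72) ? "intact" : "CLOBBERED");
    return 0;
}
```

The only difference between the two handlers is the single comparison against the buffer size before the copy; the unchecked version trusts the attacker-supplied length, which is exactly the condition the advisory describes for the echo service.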


These vulnerabilities are not exploitable from outside the network: an attacker must first attain access to the local area network (LAN) on which the medical device resides. Exploiting them also requires significant technical knowledge and skill in addition to that LAN access.


At this time, Philips has received no reports of exploitation of these vulnerabilities, nor of incidents from clinical use that it has been able to associate with this problem, and no public exploits are known to exist that specifically target these vulnerabilities.


To mitigate exposure to these vulnerabilities, Philips recommends that customers with affected devices follow the device’s labeling, including the Instructions for Use and Service Guide(s), which provide compensating controls. Philips is working to issue a software update for the Philips IntelliVue Patient and Avalon Fetal Monitors to address these vulnerabilities. For the IntelliVue Patient Monitor, the anticipated patch release date is Q2 2018 for the current release and Q3 2018 for older software revisions J through L. For the Avalon Fetal Monitor, the anticipated patch release date is Q3 2018 for Revisions G.0 and J.3. The timing and release of the patches are contingent on verification and validation of the patches and on any regulatory approval that may be required.


Philips, in collaboration with security researchers from Medigate, has reported these potential vulnerabilities and their resolution to customers and the appropriate government agencies, including U.S. DHS/ICS-CERT, which is issuing an advisory.


Philips recognizes that the security of our healthcare, personal health, and home consumer products and services is business critical for our customers. Philips has taken the lead in creating a Coordinated Vulnerability Disclosure policy, to collaborate with customers, security researchers, regulators and other agencies to help proactively identify, address and disclose potential vulnerabilities in a safe and effective manner.


Customers with questions regarding their specific Philips IntelliVue Patient or Avalon Fetal Monitor installations are advised by Philips to contact their local Philips service support team or their regional service support.