Publication Date: July 11, 2019
Update Date: July 11, 2019
Philips is a committed leader in medical device cybersecurity. As part of our global Product Security Policy, the company conducts extensive ongoing analysis of our products, often in collaboration with customers and researchers, to identify and address potential vulnerabilities.
In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible system security vulnerabilities, the company is proactively issuing an advisory regarding the Philips Holter 2010 Plus electrocardiogram (EKG) software.
Philips has become aware that under certain specific conditions, an unauthorized user with high skill level may potentially be able to access software options not purchased by the customer. The threat if exploited could lead to the enablement of system options not purchased. It does not impact patient safety, patient data integrity or confidentiality or system operations.
Philips recommends users implement role-based access controls to control physical access to the system. Further controls are provided by the multiple components required to exploit the vulnerability.
Philips has reported this potential vulnerability and its resolution to customers and the appropriate government agencies, including US DHS ICS-CERT, which is issuing an advisory.
Users with questions regarding their specific Philips Holter 2010 Plus software installation are advised by Philips to contact their Customer Success Manager (CSM), local Philips service support team, or regional service support. Philips contact information is available at the following location: