Publication Date: December 19, 2019
Update Date: December 19, 2019
Philips is a committed leader in medical device cybersecurity. As part of our global Product Security Policy, the company conducts extensive ongoing analysis of our products, often in collaboration with customers and researchers, to identify and address potential vulnerabilities.
In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible system security vulnerabilities, the company is proactively issuing an advisory regarding specific Philips Veradius Unity (718132) Medical Devices with a Dual WAN Router (with wireless or ViewForum options) shipped between 2016 and August 2018. In addition, Pulsera (718095), and Endura (718075) Medical Devices with a Dual WAN Router (with wireless or ViewForum options) shipped between 26 June 2017 and 07 August 2018.
Philips has become aware that affected routers may have inadequate encryption strength, which may allow an unauthorized user to compromise the router management interface.
Data confidentiality is protected by internal system design preventing exploitation of the Dual WAN router vulnerability. Even if the Dual Wan Router vulnerability is exploited there is no possible access to patient data or interference with usage of the system. Thus, the medical device is safe to use and has no security risk.
Philips has a solution available for customers who have the wireless or ViewForum option in their product to update the configuration of the Dual WAN router.
To contact their local Philips service support team, or regional service support, Philips contact information is available at the following location:
Please see the Philips product security web site for the latest security information for Philips products: https://www.philips.com/productsecurity
Philips has reported this potential vulnerability and its resolution to customers and the appropriate government agencies, including US DHS CISA, which is issuing an advisory.