New and Older Philips Xper Management Systems Susceptible to Hacking

Philips announced that the vulnerabilities in its Xper hospital management system could impact both new and older-generation models. The vulnerability gave hackers access to secure patient data and other information through six lines of computer code.Philips' Xper is a hospital management system that connects with patient data and other machines. Security researchers at Cylance, a consultancy firm, were able to locate vulnerabilities that would give malicious groups the ability to take control of the management system and steal data. In addition, hackers could potentially use access to the Xper hospital management system as part of a stepping stone attack against other electronic assets owned by a healthcare facility.Initially, Phillips had suggested that the vulnerability only affected the company's older-generation management systems. However, company officials have determined that the security holes in the company's older Xper systems are also a problem in the newer ones too.In its initial press release after the incident, the company said, "Following notification by the U.S. Dept. of Homeland Security of a software security vulnerability related to the Philips Xper Information Management system, the Philips Healthcare product security team has engaged in ongoing investigation and customer notification and remediation." The press release continued, "Philips continues to investigate the scope and any potential impact of the identified vulnerability in the Xper IM system. Additionally, Philips continues to examine and address issues related to the public disclosure of service passwords used in healthcare products."