Isn't getting surgery scary enough?
A flaw in General Electric's anesthesia and respiratory devices has been putting patients at risk, according to some security researchers.
If exploited, a hacker could change the composition of the gas that these machines dispense.
For the vulnerability to be exploited, a hacker would need access to a hospital’s network and for the machines to be connected to a terminal server, or one that allows enterprises to connect to multiple systems, according to CyberMDX.
But with that access, an attacker could not only alter gas composition, the researchers said, but also silence alarms on the equipment and change dates and timestamps that document a patient’s surgery.
"Once the integrity of time and date settings has been compromised, you no longer have reliable audit trails," said Elad Luz, head of research at CyberMDX. "That’s a very serious problem for any medical center."