Philips Healthcare has reported a low-level security issue with its ultrasound scanners that could enable unauthorized personnel to bypass authentication and log in to systems.
In a security alert, the company said that the issue only applies to local access to affected scanners, and it requires a "high skill level" to exploit. If an exploitation does occur, the unauthorized user might be able to enable and access features on the ultrasound scanner that were not included with the purchase of the system.
The company noted that it believes that the vulnerability is not a device safety issue, and it does not believe the security problem is a safety hazard to patients. Philips noted that it hasn't received any reports of the vulnerability being exploited in clinical use.
The company said the vulnerability applies to Ultrasound ClearVue versions 3.2 and prior, Ultrasound CX versions 5.0.2 and prior, Ultrasound Epiq and Affiniti versions VM5.0 and prior, Ultrasound Sparq version 3.0.2 and prior, and Ultrasound Xperius.
Philips said it has released or is planning to release new software updates for the scanners that address the vulnerabilities.