Philips issued a notification disclosing security vulnerabilities in its Philips DoseWise Portal application Aug. 17.
Philips DoseWise Portal is a radiation dose management application that helps providers collect and analyze radiation dose metrics across X-ray imaging devices. The company learned of security vulnerabilities in the product's hard-coded database credentials after a customer submitted a compliant.
"Successful exploitation may allow a remote attacker to gain access to the database of the DoseWise Portal application which contains patient health information," the notification reads. "Potential impact could include compromise of patient confidentiality, system integrity and/or system availability."
The notification emphasized Philips has not received any reports related to individuals exploiting these vulnerabilities. For a cyberattacker to take advantage of these vulnerabilities, he or should would have to have established privileges to access the web application's back-end system files, according to Philips.
Philips officials said the company has notified its customers of the security vulnerabilities and will coordinate with them to schedule updates. The company plans to release an updated product version and supporting product documentation this month.
Until that update is released, Philips officials recommended customers take precautions like implementing best practices for network security.
Click here to view the full notification.