Philips issued a warning Nov. 14 about a vulnerability in its IntelliBridge EC40 and EC80 Hubs, according to a statement from Philips to Becker’s Hospital Review.
The systems serve as a plug-and-play solution for hospitals. The IntelliBridge hubs allow medical device information to be transferred from different formats. Clinicians can view a consolidated view of patient data in operating rooms and intensive care units with the system.
In a statement to Becker’s Hospital Review, Philips said if exploited the vulnerability could allow an unauthorized user access to patient data. Unauthorized users could also execute software, modify system configuration and update patient files.
There has been no evidence that the vulnerability has been exploited. Philips plans to release a patch for the system bug by the end of the third quarter of 2020.
For any hospitals with the Philips IntelliBridge EC40 or EC80 Hubs, staff should contact Philips’ service support team with any questions. Philips has contacted the Department of Homeland Security’s certified information systems auditor about the vulnerability.
Philips created a publicly accessible, voluntary Coordinated Vulnerability Disclosure program. The program allows customers, security researchers, regulators and other agencies to report and identify potential vulnerabilities within Philips’ systems.