To guide our efforts, we have created a global policy to address the evolving nature of security in medical technology, including product feature requirements, security threat assessment and tracking, and compliance with local government standards.
Security Advisory & Archive
Philips Healthcare Product Security Update – Heartbleed Vulnerability For our Remote Service solution (PRS) we have reviewed all of our customer facing interfaces and VPN connections to our customer facilities, and can confirm that these are not affected by the Heartbleed issue. Philips Healthcare and Windows XP End of Support Where feasible, Philips Healthcare has been developing solutions for products running Windows XP to address continuity of protection against known and emerging security threats and vulnerabilities. To this end, Philips Healthcare will provide product-specific Statements to assist customers. Where applicable, these Product Statements may provide upgrade or field change order information.
Philips Healthcare is aware of the OpenSSL ‘heartbleed’ security vulnerability. The vulnerability (assigned CVE-2014-0160) impacts OpenSSL versions 1.0.1 – 1.0.1f. The effect of this vulnerability on Philips healthcare products and services is being investigated by the Philips engineering and product security teams. Customers will be notified once a solution is available for any affected product(s).
As part of our continued attention to your security needs, Philips Healthcare wishes to bring to your attention that Microsoft has discontinued support for the Microsoft Windows XP Operating System, following
April 8, 2014.
Philips Xper-IM vulnerability information (21 Feb 2013)
Philips Healthcare is aware that researchers at a recent cyber-security conference in Florida presented on a security vulnerability in a system component of the Philips Xper Information Management System. This has been investigated by the responsible Philips engineering and product security experts and we expect to provide a software update within a short period of time once the software validation has been completed. Affected customers will be notified directly once this software update is available.
A related concern regarding the disclosure during the conference of service passwords used on Xper IM systems is already being addressed by a Philips Field Change Order (FCO 83000171) which is currently being distributed to all affected customers. The information provided by this FCO also contains instructions to mitigate the above network-based heap overflow vulnerability in the interim.
Customers with specific questions regarding any security advisory and their Philips Healthcare products are asked to may send an e-mail to productsecurity@philips.com, contact their Philips Service Representative or contact their regional Philips Service Support. Any media inquiries should be directed to:
Mario Fante, mario.fante@philips.com
or (outside N. America):
Steve Klink, steve.klink@philips.com
Philips manufactures, sells and helps you maintain highly complex medical devices and systems. Per policy, only Philips authorized changes are allowed to be made to these systems, either by Philips personnel or under Philips explicit published direction.
Please contact your Philips service representative for specific information about potential vulnerabilities and the availability of patches for your equipment configuration.
