'Cybersecurity vulnerability' spurs FDA recall of GE HealthCare image viewers

A series of viewers manufactured by GE Medical Systems are the subject of a recent recall by the U.S. Food and Drug Adminsitration. 

GE’s Centricity Universal Viewers are listed on the FDA’s website as being affected by a Class 2 recall. The action is due to an issue with the software that could make the viewer vulnerable to security threats. 

“There is a potential cybersecurity vulnerability affecting certain versions of Centricity Universal Viewer,” the FDA’s notice reads. “User login credentials may be exposed on the local client workstation, which could allow an unauthorized individual to potentially impact system availability and/or manipulate data.” 

After GE became aware of the issue, the company issued an Urgent Medical Device Correction notification to affected customers. It noted that they are working on corrective action and that the issue will be fixed at no additional cost. 

In the meantime, GE recommends ensuring that workstations have additional security controls when using the viewer. They indicated that customers could implement additional network account authentication by using Active Directory/LDAP services for user management. However, if this is not possible, users will need to contact GE HealthCare Service to request other temporary steps to mitigate the issue. They suggested that organizations alert all potential users to the issue so that they can ensure they are appropriately logged out of viewers while not using them. 

The recall affects over 2,000 units that are in use worldwide, including in the U.S. Organizations with questions or concerns about the recall can reach out to GE HealthCare Service at 800-437-1171. 

More detailed information can be found here.