Security researchers have identified multiple security flaws in GE HealthCare Vivid Ultrasound machines, including an exploit chain that could lead to the implantation of ransomware and unauthorized access to patient data. The vulnerabilities, affecting the Vivid T9 ultrasound system and EchoPAC software, require physical access to the devices for successful exploitation. Nozomi Networks detailed the vulnerabilities, including hard-coded credentials and command injection, with the most severe CVE having a score of 9
6. GE HealthCare has issued advisories and stated that existing mitigations mitigate the risks, but the flaws underscore the importance of enhancing cybersecurity measures to safeguard patient data and medical devices from potential cyber threats. https://thehackernews.com/2024/05/researchers-uncover-11-security-flaws.html