The Department of Homeland Security issued an advisory over major software vulnerabilities in two versions of Philips Healthcare’s web application DoseWise Portal (DWP) that can give hackers access to protected electronic patient health information.
The software is used in the U.S., Australia, Japan and Europe for simplifying the analysis of collected radiation exposure doses. Philips was made aware of the vulnerabilities after receiving a complaint and vulnerability report from a user.
The DHS said the app can be exploited remotely by an attacker with low skill. But the company, in a separate advisory, said “elevated privileges” are required for an attacker to access the system files.