The Department of Homeland Security issued an advisory over major software vulnerabilities in two versions of Philips Healthcare’s web application DoseWise Portal that can give hackers access to protected electronic patient health information.
The software is used in the U.S., Australia, Japan and Europe for simplifying the analysis of collected radiation exposure doses. Philips was made aware of the vulnerabilities after receiving a complaint and vulnerability report from a user.
The DHS said the app can be exploited remotely by an attacker with low skill. But the company, in a separate advisory, said “elevated privileges” are required for an attacker to access the system files.
The company plans to release an updated version of DWP, 18.104.22.16869, with a new authentication method and without any password vulnerabilities. User passwords for version 22.214.171.1243 will be changed and encrypted with Philips’ support.
The DHS advised using defensive measures with the current DWP versions to lower the risk of hacking, such as reducing network exposure and isolating all medical and remote devices located behind firewalls from business networks.