Dozens of medical imaging devices built by General Electric are secured with hardcoded default passwords that can’t be easily changed, but could be exploited to access sensitive patient scans, according to new findings by security firm CyberMDX.
The researchers said that an attacker would only need to be on the same network to exploit a vulnerable device, such as by tricking an employee into opening an email with malware. From there, the attacker could use those unchanged hardcoded passwords to obtain whatever patient data was left on the device or disrupt the device from operating properly.
CyberMDX said X-ray …
