Publication Date: December 5, 2018
Update Date: December 5, 2018
Philips is a committed leader in medical device cybersecurity. As part of our global Product Security Policy, the company conducts extensive ongoing analysis of our products, often in collaboration with customers and researchers, to identify and address potential vulnerabilities.
In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible system security vulnerabilities, the company is proactively issuing an advisory concerning an identified inadequate encryption strength vulnerability affecting the Philips HealthSuite Health Android application.
Unless addressed, this issue may allow an attacker with physical access to potentially impact confidentiality and integrity of the product.
At this time, Philips has received no reports of exploitation of this vulnerability or incidents from clinical use that we have been able to associate with this vulnerability, Philips analysis indicates that there is no expectation of patient hazard due to this issue.
This vulnerability will be addressed by a new software release scheduled for Q1 2019.
Philips advises users against jail-breaking or rooting their mobile device. A jail broken or rooted device means one that is modified outside the mobile device or operating system vendor supported or warranted configurations. Such devices have been freed from the limitations imposed on it by mobile service providers and the phone manufacturers without their approval. This may affect the performance of the App, weaken the security of devices and expose users to additional risks.
Philips has reported this potential vulnerability and its resolution to customers and the appropriate government agencies, including US DHS ICS-CERT, which is issuing an advisory.
Users with questions regarding their specific Philips HealthSuite Health Android app are advised by Philips to contact their Customer Success Manager (CSM), local Philips service support team, or regional service support. Philips contact information is available at the following location: